Interface RuntimeContext.Builder

  • Method Details

    • modifyingProcess

      RuntimeContext.Builder modifyingProcess(ProcessDetails modifyingProcess)

      Information about the process that modified the current process. This is available for multiple finding types.

      Parameters:
      modifyingProcess - Information about the process that modified the current process. This is available for multiple finding types.
      Returns:
      Returns a reference to this object so that method calls can be chained together.
    • modifyingProcess

      default RuntimeContext.Builder modifyingProcess(Consumer<ProcessDetails.Builder> modifyingProcess)

      Information about the process that modified the current process. This is available for multiple finding types.

      This is a convenience method that creates an instance of the ProcessDetails.Builder avoiding the need to create one manually via ProcessDetails.builder().

      When the Consumer completes, SdkBuilder.build() is called immediately and its result is passed to modifyingProcess(ProcessDetails).

      Parameters:
      modifyingProcess - a consumer that will call methods on ProcessDetails.Builder
      Returns:
      Returns a reference to this object so that method calls can be chained together.
    • modifiedAt

      RuntimeContext.Builder modifiedAt(Instant modifiedAt)

      The timestamp at which the process modified the current process. The timestamp is in UTC date string format.

      Parameters:
      modifiedAt - The timestamp at which the process modified the current process. The timestamp is in UTC date string format.
      Returns:
      Returns a reference to this object so that method calls can be chained together.
    • scriptPath

      RuntimeContext.Builder scriptPath(String scriptPath)

      The path to the script that was executed.

      Parameters:
      scriptPath - The path to the script that was executed.
      Returns:
      Returns a reference to this object so that method calls can be chained together.
    • libraryPath

      RuntimeContext.Builder libraryPath(String libraryPath)

      The path to the new library that was loaded.

      Parameters:
      libraryPath - The path to the new library that was loaded.
      Returns:
      Returns a reference to this object so that method calls can be chained together.
    • ldPreloadValue

      RuntimeContext.Builder ldPreloadValue(String ldPreloadValue)

      The value of the LD_PRELOAD environment variable.

      Parameters:
      ldPreloadValue - The value of the LD_PRELOAD environment variable.
      Returns:
      Returns a reference to this object so that method calls can be chained together.
    • socketPath

      RuntimeContext.Builder socketPath(String socketPath)

      The path to the Docker socket that was accessed.

      Parameters:
      socketPath - The path to the Docker socket that was accessed.
      Returns:
      Returns a reference to this object so that method calls can be chained together.
    • runcBinaryPath

      RuntimeContext.Builder runcBinaryPath(String runcBinaryPath)

      The path to the leveraged runc implementation.

      Parameters:
      runcBinaryPath - The path to the leveraged runc implementation.
      Returns:
      Returns a reference to this object so that method calls can be chained together.
    • releaseAgentPath

      RuntimeContext.Builder releaseAgentPath(String releaseAgentPath)

      The path in the container that modified the release agent file.

      Parameters:
      releaseAgentPath - The path in the container that modified the release agent file.
      Returns:
      Returns a reference to this object so that method calls can be chained together.
    • mountSource

      RuntimeContext.Builder mountSource(String mountSource)

      The path on the host that is mounted by the container.

      Parameters:
      mountSource - The path on the host that is mounted by the container.
      Returns:
      Returns a reference to this object so that method calls can be chained together.
    • mountTarget

      RuntimeContext.Builder mountTarget(String mountTarget)

      The path in the container that is mapped to the host directory.

      Parameters:
      mountTarget - The path in the container that is mapped to the host directory.
      Returns:
      Returns a reference to this object so that method calls can be chained together.
    • fileSystemType

      RuntimeContext.Builder fileSystemType(String fileSystemType)

      Represents the type of the mounted file system.

      Parameters:
      fileSystemType - Represents the type of the mounted file system.
      Returns:
      Returns a reference to this object so that method calls can be chained together.
    • flags

      RuntimeContext.Builder flags(Collection<String> flags)

      Represents options that control the behavior of a runtime operation or action. For example, a filesystem mount operation may contain a read-only flag.

      Parameters:
      flags - Represents options that control the behavior of a runtime operation or action. For example, a filesystem mount operation may contain a read-only flag.
      Returns:
      Returns a reference to this object so that method calls can be chained together.
    • flags

      RuntimeContext.Builder flags(String... flags)

      Represents options that control the behavior of a runtime operation or action. For example, a filesystem mount operation may contain a read-only flag.

      Parameters:
      flags - Represents options that control the behavior of a runtime operation or action. For example, a filesystem mount operation may contain a read-only flag.
      Returns:
      Returns a reference to this object so that method calls can be chained together.
    • moduleName

      RuntimeContext.Builder moduleName(String moduleName)

      The name of the module loaded into the kernel.

      Parameters:
      moduleName - The name of the module loaded into the kernel.
      Returns:
      Returns a reference to this object so that method calls can be chained together.
    • moduleFilePath

      RuntimeContext.Builder moduleFilePath(String moduleFilePath)

      The path to the module loaded into the kernel.

      Parameters:
      moduleFilePath - The path to the module loaded into the kernel.
      Returns:
      Returns a reference to this object so that method calls can be chained together.
    • moduleSha256

      RuntimeContext.Builder moduleSha256(String moduleSha256)

      The SHA256 hash of the module.

      Parameters:
      moduleSha256 - The SHA256 hash of the module.
      Returns:
      Returns a reference to this object so that method calls can be chained together.
    • shellHistoryFilePath

      RuntimeContext.Builder shellHistoryFilePath(String shellHistoryFilePath)

      The path to the modified shell history file.

      Parameters:
      shellHistoryFilePath - The path to the modified shell history file.
      Returns:
      Returns a reference to this object so that method calls can be chained together.
    • targetProcess

      RuntimeContext.Builder targetProcess(ProcessDetails targetProcess)

      Information about the process that had its memory overwritten by the current process.

      Parameters:
      targetProcess - Information about the process that had its memory overwritten by the current process.
      Returns:
      Returns a reference to this object so that method calls can be chained together.
    • targetProcess

      default RuntimeContext.Builder targetProcess(Consumer<ProcessDetails.Builder> targetProcess)

      Information about the process that had its memory overwritten by the current process.

      This is a convenience method that creates an instance of the ProcessDetails.Builder avoiding the need to create one manually via ProcessDetails.builder().

      When the Consumer completes, SdkBuilder.build() is called immediately and its result is passed to targetProcess(ProcessDetails).

      Parameters:
      targetProcess - a consumer that will call methods on ProcessDetails.Builder
      Returns:
      Returns a reference to this object so that method calls can be chained together.
    • addressFamily

      RuntimeContext.Builder addressFamily(String addressFamily)

      Represents the communication protocol associated with the address. For example, the address family AF_INET is used for the IP version 4 protocol.

      Parameters:
      addressFamily - Represents the communication protocol associated with the address. For example, the address family AF_INET is used for the IP version 4 protocol.
      Returns:
      Returns a reference to this object so that method calls can be chained together.
    • ianaProtocolNumber

      RuntimeContext.Builder ianaProtocolNumber(Integer ianaProtocolNumber)

      Specifies a particular protocol within the address family. Usually there is a single protocol in address families. For example, the address family AF_INET only has the IP protocol.

      Parameters:
      ianaProtocolNumber - Specifies a particular protocol within the address family. Usually there is a single protocol in address families. For example, the address family AF_INET only has the IP protocol.
      Returns:
      Returns a reference to this object so that method calls can be chained together.
    • memoryRegions

      RuntimeContext.Builder memoryRegions(Collection<String> memoryRegions)

      Specifies the regions of a process's address space, such as stack and heap.

      Parameters:
      memoryRegions - Specifies the regions of a process's address space, such as stack and heap.
      Returns:
      Returns a reference to this object so that method calls can be chained together.
    • memoryRegions

      RuntimeContext.Builder memoryRegions(String... memoryRegions)

      Specifies the regions of a process's address space, such as stack and heap.

      Parameters:
      memoryRegions - Specifies the regions of a process's address space, such as stack and heap.
      Returns:
      Returns a reference to this object so that method calls can be chained together.
    • toolName

      RuntimeContext.Builder toolName(String toolName)

      Name of the potentially suspicious tool.

      Parameters:
      toolName - Name of the potentially suspicious tool.
      Returns:
      Returns a reference to this object so that method calls can be chained together.
    • toolCategory

      RuntimeContext.Builder toolCategory(String toolCategory)

      Category that the tool belongs to. Examples include Backdoor Tool, Pentest Tool, Network Scanner, and Network Sniffer.

      Parameters:
      toolCategory - Category that the tool belongs to. Examples include Backdoor Tool, Pentest Tool, Network Scanner, and Network Sniffer.
      Returns:
      Returns a reference to this object so that method calls can be chained together.
    • serviceName

      RuntimeContext.Builder serviceName(String serviceName)

      Name of the security service that has been potentially disabled.

      Parameters:
      serviceName - Name of the security service that has been potentially disabled.
      Returns:
      Returns a reference to this object so that method calls can be chained together.
    • commandLineExample

      RuntimeContext.Builder commandLineExample(String commandLineExample)

      Example of the command line involved in the suspicious activity.

      Parameters:
      commandLineExample - Example of the command line involved in the suspicious activity.
      Returns:
      Returns a reference to this object so that method calls can be chained together.
    • threatFilePath

      RuntimeContext.Builder threatFilePath(String threatFilePath)

      The suspicious file path for which the threat intelligence details were found.

      Parameters:
      threatFilePath - The suspicious file path for which the threat intelligence details were found.
      Returns:
      Returns a reference to this object so that method calls can be chained together.
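
The following is an added example, not part of the SDK documentation: a test fixture for finding-triage code that builds the same RuntimeContext through the modifyingProcess(ProcessDetails) overload and the Consumer overload described above, then reads the mount fields back. The class name, the helper isReadOnlyMount, every field value and the flag string "ro" are assumptions constructed for illustration.

```java
import java.time.Instant;
import software.amazon.awssdk.services.guardduty.model.ProcessDetails;
import software.amazon.awssdk.services.guardduty.model.RuntimeContext;

public class RuntimeContextFixture {
    // All values below are constructed for a test fixture, not taken from a real finding.
    static final Instant WHEN = Instant.parse("2024-01-01T00:00:00Z");

    // Explicit form: build ProcessDetails first, then pass it to the builder.
    static RuntimeContext explicitForm() {
        ProcessDetails modifier = ProcessDetails.builder()
                .name("sample-proc")
                .executablePath("/usr/bin/sample-proc")
                .pid(4242)
                .build();
        return base().modifyingProcess(modifier).build();
    }

    // Consumer form: the SDK creates ProcessDetails.Builder, runs the lambda, calls build().
    static RuntimeContext consumerForm() {
        return base()
                .modifyingProcess(p -> p.name("sample-proc")
                        .executablePath("/usr/bin/sample-proc")
                        .pid(4242))
                .build();
    }

    // Shared mount-related fields; "ro" is an assumed flag string for this fixture.
    static RuntimeContext.Builder base() {
        return RuntimeContext.builder()
                .modifiedAt(WHEN)
                .mountSource("/srv/data")
                .mountTarget("/mnt/data")
                .fileSystemType("ext4")
                .flags("ro");
    }

    // Triage helper: true when the mount flags contain the caller-supplied read-only token.
    static boolean isReadOnlyMount(RuntimeContext ctx, String readOnlyToken) {
        return ctx.hasFlags() && ctx.flags().contains(readOnlyToken);
    }

    public static void main(String[] args) {
        RuntimeContext a = explicitForm();
        RuntimeContext b = consumerForm();
        System.out.println("overloads equivalent: " + a.equals(b));
        System.out.println("read-only mount: " + isReadOnlyMount(a, "ro"));
        System.out.println(a.mountSource() + " -> " + a.mountTarget() + " at " + a.modifiedAt());
    }
}
```

The read-only token is passed in by the caller because this page does not list the flag strings that findings carry; check real findings for the actual values before relying on the helper.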