Class RuntimeContext
- All Implemented Interfaces:
Serializable,SdkPojo,ToCopyableBuilder<RuntimeContext.Builder,RuntimeContext>
Additional information about the suspicious activity.
- See Also:
-
Nested Class Summary
Nested Classes -
Method Summary
Modifier and TypeMethodDescriptionfinal StringRepresents the communication protocol associated with the address.static RuntimeContext.Builderbuilder()final StringExample of the command line involved in the suspicious activity.final booleanfinal booleanequalsBySdkFields(Object obj) Indicates whether some other object is "equal to" this one by SDK fields.final StringRepresents the type of mounted fileSystem.flags()Represents options that control the behavior of a runtime operation or action.final <T> Optional<T> getValueForField(String fieldName, Class<T> clazz) final booleanhasFlags()For responses, this returns true if the service returned a value for the Flags property.final inthashCode()final booleanFor responses, this returns true if the service returned a value for the MemoryRegions property.final IntegerSpecifies a particular protocol within the address family.final StringThe value of the LD_PRELOAD environment variable.final StringThe path to the new library that was loaded.Specifies the Region of a process's address space such as stack and heap.final InstantThe timestamp at which the process modified the current process.final ProcessDetailsInformation about the process that modified the current process.final StringThe path to the module loaded into the kernel.final StringThe name of the module loaded into the kernel.final StringTheSHA256hash of the module.final StringThe path on the host that is mounted by the container.final StringThe path in the container that is mapped to the host directory.final StringThe path in the container that modified the release agent file.final StringThe path to the leveragedruncimplementation.final StringThe path to the script that was executed.static Class<? extends RuntimeContext.Builder> final StringName of the security service that has been potentially disabled.final StringThe path to the modified shell history file.final StringThe path to the docket socket that was accessed.final ProcessDetailsInformation about the process that had its memory overwritten by the current process.final StringThe suspicious file path for which the threat intelligence details were found.Take this object and create a builder that contains all of the current property values of this object.final StringCategory that the tool belongs to.final StringtoolName()Name of the potentially suspicious tool.final StringtoString()Returns a string representation of this object.Methods inherited from interface software.amazon.awssdk.utils.builder.ToCopyableBuilder
copy
-
Method Details
-
modifyingProcess
Information about the process that modified the current process. This is available for multiple finding types.
- Returns:
- Information about the process that modified the current process. This is available for multiple finding types.
-
modifiedAt
The timestamp at which the process modified the current process. The timestamp is in UTC date string format.
- Returns:
- The timestamp at which the process modified the current process. The timestamp is in UTC date string format.
-
scriptPath
The path to the script that was executed.
- Returns:
- The path to the script that was executed.
-
libraryPath
The path to the new library that was loaded.
- Returns:
- The path to the new library that was loaded.
-
ldPreloadValue
The value of the LD_PRELOAD environment variable.
- Returns:
- The value of the LD_PRELOAD environment variable.
-
socketPath
The path to the docket socket that was accessed.
- Returns:
- The path to the docket socket that was accessed.
-
runcBinaryPath
The path to the leveraged
runcimplementation.- Returns:
- The path to the leveraged
runcimplementation.
-
releaseAgentPath
The path in the container that modified the release agent file.
- Returns:
- The path in the container that modified the release agent file.
-
mountSource
The path on the host that is mounted by the container.
- Returns:
- The path on the host that is mounted by the container.
-
mountTarget
The path in the container that is mapped to the host directory.
- Returns:
- The path in the container that is mapped to the host directory.
-
fileSystemType
Represents the type of mounted fileSystem.
- Returns:
- Represents the type of mounted fileSystem.
-
hasFlags
public final boolean hasFlags()For responses, this returns true if the service returned a value for the Flags property. This DOES NOT check that the value is non-empty (for which, you should check theisEmpty()method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified. -
flags
Represents options that control the behavior of a runtime operation or action. For example, a filesystem mount operation may contain a read-only flag.
Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the
hasFlags()method.- Returns:
- Represents options that control the behavior of a runtime operation or action. For example, a filesystem mount operation may contain a read-only flag.
-
moduleName
The name of the module loaded into the kernel.
- Returns:
- The name of the module loaded into the kernel.
-
moduleFilePath
The path to the module loaded into the kernel.
- Returns:
- The path to the module loaded into the kernel.
-
moduleSha256
The
SHA256hash of the module.- Returns:
- The
SHA256hash of the module.
-
shellHistoryFilePath
The path to the modified shell history file.
- Returns:
- The path to the modified shell history file.
-
targetProcess
Information about the process that had its memory overwritten by the current process.
- Returns:
- Information about the process that had its memory overwritten by the current process.
-
addressFamily
Represents the communication protocol associated with the address. For example, the address family
AF_INETis used for IP version of 4 protocol.- Returns:
- Represents the communication protocol associated with the address. For example, the address family
AF_INETis used for IP version of 4 protocol.
-
ianaProtocolNumber
Specifies a particular protocol within the address family. Usually there is a single protocol in address families. For example, the address family
AF_INETonly has the IP protocol.- Returns:
- Specifies a particular protocol within the address family. Usually there is a single protocol in address
families. For example, the address family
AF_INETonly has the IP protocol.
-
hasMemoryRegions
public final boolean hasMemoryRegions()For responses, this returns true if the service returned a value for the MemoryRegions property. This DOES NOT check that the value is non-empty (for which, you should check theisEmpty()method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified. -
memoryRegions
Specifies the Region of a process's address space such as stack and heap.
Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the
hasMemoryRegions()method.- Returns:
- Specifies the Region of a process's address space such as stack and heap.
-
toolName
Name of the potentially suspicious tool.
- Returns:
- Name of the potentially suspicious tool.
-
toolCategory
Category that the tool belongs to. Some of the examples are Backdoor Tool, Pentest Tool, Network Scanner, and Network Sniffer.
- Returns:
- Category that the tool belongs to. Some of the examples are Backdoor Tool, Pentest Tool, Network Scanner, and Network Sniffer.
-
serviceName
Name of the security service that has been potentially disabled.
- Returns:
- Name of the security service that has been potentially disabled.
-
commandLineExample
Example of the command line involved in the suspicious activity.
- Returns:
- Example of the command line involved in the suspicious activity.
-
threatFilePath
The suspicious file path for which the threat intelligence details were found.
- Returns:
- The suspicious file path for which the threat intelligence details were found.
-
toBuilder
Description copied from interface:ToCopyableBuilderTake this object and create a builder that contains all of the current property values of this object.- Specified by:
toBuilderin interfaceToCopyableBuilder<RuntimeContext.Builder,RuntimeContext> - Returns:
- a builder for type T
-
builder
-
serializableBuilderClass
-
hashCode
-
equals
-
equalsBySdkFields
Description copied from interface:SdkPojoIndicates whether some other object is "equal to" this one by SDK fields. An SDK field is a modeled, non-inherited field in anSdkPojoclass, and is generated based on a service model.If an
SdkPojoclass does not have any inherited fields,equalsBySdkFieldsandequalsare essentially the same.- Specified by:
equalsBySdkFieldsin interfaceSdkPojo- Parameters:
obj- the object to be compared with- Returns:
- true if the other object equals to this object by sdk fields, false otherwise.
-
toString
-
getValueForField
-
sdkFields
-
sdkFieldNameToField
- Specified by:
sdkFieldNameToFieldin interfaceSdkPojo- Returns:
- The mapping between the field name and its corresponding field.
-