Process Data

Process data contains all attributes of a process that was flagged by Sandfly Security or by the user, for any reason. It contains not only process-specific information but also, when available, information on the binary associated with the process. The binary information mirrors what is available under the File Data type and appears in the `file` object of the structure below, which is shown with empty placeholder values.

{
	"name": "",
	"extension": "",
	"cmdline": "",
	"command": "",
	"date": {
		"created": "",
		"created_minutes": 0
	},
	"pid": 0,
	"ppid": 0,
	"pgid": 0,
	"uid": 0,
	"username": "",
	"gid": 0,
	"groupname": "",
	"path": "",
	"true_path": "",
	"cwd": "",
	"entropy": 0,
	"state": "",
	"system_uptime": "",
	"flags": {
		"deleted": false,
		"immutable": false,
		"containerized": false,
		"hidden": false
	},
	"file_descriptors": null,
	"environ": null,
	"maps": null,
	"stack": null,
	"cgroup": null,
	"container": {
		"id": "",
		"id_short": "",
		"rootdir": ""
	},
	"network_ports": {
		"operating": false,
		"established": false,
		"established_num": 0,
		"listening": false,
		"listening_num": 0,
		"tcp": {
			"operating": false,
			"listening": false,
			"listening_num": 0,
			"established": false,
			"established_num": 0,
			"connections": null
		},
		"tcp6": {
			"operating": false,
			"listening": false,
			"listening_num": 0,
			"established": false,
			"established_num": 0,
			"connections": null
		},
		"udp": {
			"operating": false,
			"listening": false,
			"listening_num": 0,
			"established": false,
			"established_num": 0,
			"connections": null
		},
		"udp6": {
			"operating": false,
			"listening": false,
			"listening_num": 0,
			"established": false,
			"established_num": 0,
			"connections": null
		},
		"icmp": {
			"operating": false,
			"listening": false,
			"listening_num": 0,
			"established": false,
			"established_num": 0,
			"connections": null
		},
		"icmp6": {
			"operating": false,
			"listening": false,
			"listening_num": 0,
			"established": false,
			"established_num": 0,
			"connections": null
		},
		"raw": {
			"operating": false,
			"listening": false,
			"listening_num": 0,
			"established": false,
			"established_num": 0,
			"connections": null
		},
		"raw6": {
			"operating": false,
			"listening": false,
			"listening_num": 0,
			"established": false,
			"established_num": 0,
			"connections": null
		},
		"sctp": {
			"operating": false,
			"listening": false,
			"listening_num": 0,
			"established": false,
			"established_num": 0,
			"connections": null
		}
	},
	"hash": {
		"md5": "",
		"sha1": "",
		"sha256": "",
		"sha512": ""
	},
	"file": {
		"date": {
			"created": "",
			"created_minutes": 0,
			"modified": "",
			"modified_minutes": 0,
			"accessed": "",
			"accessed_minutes": 0
		},
		"inode": 0,
		"device": 0,
		"rdevice": 0,
		"nlink": 0,
		"mode": "",
		"uid": 0,
		"username": "",
		"gid": 0,
		"groupname": "",
		"size": 0,
		"size_byte_count": 0,
		"size_byte_count_status": "",
		"size_mismatch": false,
		"blksize": 0,
		"blocks": 0,
		"path": "",
		"path_root": "",
		"path_link": "",
		"true_path": "",
		"name": "",
		"extension": "",
		"flags": {
			"directory": false,
			"regular": false,
			"link": false,
			"suid": false,
			"suid_root": false,
			"sgid": false,
			"sgid_root": false,
			"socket": false,
			"device": false,
			"char_device": false,
			"named_pipe": false,
			"sticky": false,
			"immutable": false,
			"hidden": false,
			"deleted": false,
			"containerized": false
		},
		"entropy": 0,
		"hash": {
			"md5": "",
			"sha1": "",
			"sha256": "",
			"sha512": ""
		},
		"magic_num": {
			"hex": "",
			"text": "",
			"type": "",
			"class": "",
			"expected_extensions": null
		},
		"container": {
			"id": "",
			"id_short": "",
			"rootdir": ""
		},
		"data": null
	},
	"stat": {
		"pid": 0,
		"comm": "",
		"state": "",
		"ppid": 0,
		"pgrp": 0,
		"session": 0,
		"tty_nr": 0,
		"tpgid": 0,
		"flags": 0,
		"minflt": 0,
		"cminflt": 0,
		"majflt": 0,
		"cmajflt": 0,
		"utime": 0,
		"stime": 0,
		"cutime": 0,
		"cstime": 0,
		"priority": 0,
		"nice": 0,
		"num_threads": 0,
		"itrealvalue": 0,
		"starttime": 0,
		"vsize": 0,
		"rss": 0,
		"rsslim": 0,
		"startcode": 0,
		"endcode": 0,
		"startstack": 0,
		"kstkesp": 0,
		"kstkeip": 0,
		"signal": 0,
		"locked": 0,
		"sigignore": 0,
		"sigcatch": 0,
		"wchan": 0,
		"nswap": 0,
		"cnswap": 0,
		"exit_signal": 0,
		"processor": 0,
		"rt_priority": 0,
		"policy": 0,
		"delayacct_blkio_ticks": 0,
		"guest_time": 0,
		"cguest_time": 0,
		"start_data": 0,
		"end_data": 0,
		"start_brk": 0,
		"arg_start": 0,
		"arg_end": 0,
		"env_start": 0,
		"env_end": 0,
		"exit_code": 0
	},
	"status": {
		"name": "",
		"umask": "",
		"state": "",
		"tgid": 0,
		"ngid": 0,
		"pid": 0,
		"ppid": 0,
		"tracer_pid": 0,
		"uid": 0,
		"gid": 0,
		"fdsize": 0,
		"groups": 0,
		"ns_tgid": 0,
		"ns_pid": 0,
		"ns_pgid": 0,
		"ns_sid": 0,
		"vm_peak": 0,
		"vm_size": 0,
		"vm_lck": 0,
		"vm_pin": 0,
		"vm_hwm": 0,
		"vm_rss": 0,
		"rss_anon": 0,
		"rss_file": 0,
		"rss_shmem": 0,
		"vm_data": 0,
		"vm_stk": 0,
		"vm_exe": 0,
		"vm_lib": 0,
		"vm_pte": 0,
		"vm_swap": 0,
		"hugeltb_pages": 0,
		"core_dumping": false,
		"thp_enabled": false,
		"threads": 0,
		"sig_q": "",
		"sig_pnd": "",
		"shd_pnd": "",
		"sig_blk": "",
		"sig_ign": "",
		"sig_cgt": "",
		"cap_inh": "",
		"cap_prm": "",
		"cap_eff": "",
		"cap_bnd": "",
		"cap_amb": "",
		"no_new_privs": false,
		"seccomp": 0,
		"speculation_store_bypass": "",
		"cpus_allowed": "",
		"cpus_allowed_list": "",
		"mems_allowed": "",
		"mems_allowed_list": "",
		"voluntary_ctxt_switches": 0,
		"nonvoluntar_ctxt_switches": 0
	}
}