Process data contains all attributes of a process that was flagged by Sandfly Security or by the user for any reason. It contains not only process-specific information but also information on the binary associated with the process, if that binary is available. The binary information mirrors what is available under the File Data type.
{ "name": "", "extension": "", "cmdline": "", "command": "", "date": { "created": "", "created_minutes": 0 }, "pid": 0, "ppid": 0, "pgid": 0, "uid": 0, "username": "", "gid": 0, "groupname": "", "path": "", "true_path": "", "cwd": "", "entropy": 0, "state": "", "system_uptime": "", "flags": { "deleted": false, "immutable": false, "containerized": false, "hidden": false }, "file_descriptors": null, "environ": null, "maps": null, "stack": null, "cgroup": null, "container": { "id": "", "id_short": "", "rootdir": "" }, "network_ports": { "operating": false, "established": false, "established_num": 0, "listening": false, "listening_num": 0, "tcp": { "operating": false, "listening": false, "listening_num": 0, "established": false, "established_num": 0, "connections": null }, "tcp6": { "operating": false, "listening": false, "listening_num": 0, "established": false, "established_num": 0, "connections": null }, "udp": { "operating": false, "listening": false, "listening_num": 0, "established": false, "established_num": 0, "connections": null }, "udp6": { "operating": false, "listening": false, "listening_num": 0, "established": false, "established_num": 0, "connections": null }, "icmp": { "operating": false, "listening": false, "listening_num": 0, "established": false, "established_num": 0, "connections": null }, "icmp6": { "operating": false, "listening": false, "listening_num": 0, "established": false, "established_num": 0, "connections": null }, "raw": { "operating": false, "listening": false, "listening_num": 0, "established": false, "established_num": 0, "connections": null }, "raw6": { "operating": false, "listening": false, "listening_num": 0, "established": false, "established_num": 0, "connections": null }, "sctp": { "operating": false, "listening": false, "listening_num": 0, "established": false, "established_num": 0, "connections": null } }, "hash": { "md5": "", "sha1": "", "sha256": "", "sha512": "" }, "file": { "date": { "created": "", "created_minutes": 0, 
"modified": "", "modified_minutes": 0, "accessed": "", "accessed_minutes": 0 }, "inode": 0, "device": 0, "rdevice": 0, "nlink": 0, "mode": "", "uid": 0, "username": "", "gid": 0, "groupname": "", "size": 0, "size_byte_count": 0, "size_mismatch": false, "blksize": 0, "blocks": 0, "path": "", "path_root": "", "path_link": "", "name": "", "extension": "", "flags": { "directory": false, "regular": false, "link": false, "suid": false, "suid_root": false, "sgid": false, "sgid_root": false, "socket": false, "device": false, "char_device": false, "named_pipe": false, "sticky": false, "immutable": false, "hidden": false, "deleted": false }, "entropy": 0, "hash": { "md5": "", "sha1": "", "sha256": "", "sha512": "" }, "magic_num": { "hex": "", "text": "", "type": "", "class": "", "expected_extensions": null }, "data": null }, "stat": { "pid": 0, "comm": "", "state": "", "ppid": 0, "pgrp": 0, "session": 0, "tty_nr": 0, "tpgid": 0, "flags": 0, "minflt": 0, "cminflt": 0, "majflt": 0, "cmajflt": 0, "utime": 0, "stime": 0, "cutime": 0, "cstime": 0, "priority": 0, "nice": 0, "num_threads": 0, "itrealvalue": 0, "starttime": 0, "vsize": 0, "rss": 0, "rsslim": 0, "startcode": 0, "endcode": 0, "startstack": 0, "kstkesp": 0, "kstkeip": 0, "signal": 0, "locked": 0, "sigignore": 0, "sigcatch": 0, "wchan": 0, "nswap": 0, "cnswap": 0, "exit_signal": 0, "processor": 0, "rt_priority": 0, "policy": 0, "delayacct_blkio_ticks": 0, "guest_time": 0, "cguest_time": 0, "start_data": 0, "end_data": 0, "start_brk": 0, "arg_start": 0, "arg_end": 0, "env_start": 0, "env_end": 0, "exit_code": 0 }, "status": { "name": "", "umask": "", "state": "", "tgid": 0, "ngid": 0, "pid": 0, "ppid": 0, "tracer_pid": 0, "uid": 0, "gid": 0, "fdsize": 0, "groups": 0, "ns_tgid": 0, "ns_pid": 0, "ns_pgid": 0, "ns_sid": 0, "vm_peak": 0, "vm_size": 0, "vm_lck": 0, "vm_pin": 0, "vm_hwm": 0, "vm_rss": 0, "rss_anon": 0, "rss_file": 0, "rss_shmem": 0, "vm_data": 0, "vm_stk": 0, "vm_exe": 0, "vm_lib": 0, "vm_pte": 0, "vm_swap": 
0, "hugeltb_pages": 0, "core_dumping": false, "thp_enabled": false, "threads": 0, "sig_q": "", "sig_pnd": "", "shd_pnd": "", "sig_blk": "", "sig_ign": "", "sig_cgt": "", "cap_inh": "", "cap_prm": "", "cap_eff": "", "cap_bnd": "", "cap_amb": "", "no_new_privs": false, "seccomp": 0, "speculation_store_bypass": "", "cpus_allowed": "", "cpus_allowed_list": "", "mems_allowed": "", "mems_allowed_list": "", "voluntary_ctxt_switches": 0, "nonvoluntar_ctxt_switches": 0 } }