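Process data contains all attributes of a process that was flagged, either by Sandfly Security or by the user. It contains not only process-specific information but also, when available, information on the binary associated with the process. The binary information appears under the `file` key and mirrors what is available under the File Data type. Because fields such as `cmdline` and `environ` may capture credentials or tokens that were passed to the process, treat exported process data as sensitive.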
{ "name": "", "extension": "", "cmdline": "", "command": "", "date": { "created": "", "created_minutes": 0 }, "pid": 0, "ppid": 0, "pgid": 0, "uid": 0, "uid_name": "", "gid": 0, "gid_name": "", "path": "", "cwd": "", "entropy": 0, "state": "", "system_uptime": "", "flags": { "deleted": false, "immutable": false, "containerized": false, "hidden": false }, "file_descriptors": null, "environ": null, "maps": null, "stack": null, "cgroup": null, "container": { "id": "", "id_short": "", "upperdir": "", "workingdir": "" }, "network_ports": { "operating": false, "established": false, "established_num": 0, "listening": false, "listening_num": 0, "tcp": { "operating": false, "listening": false, "listening_num": 0, "established": false, "established_num": 0, "connections": null }, "tcp6": { "operating": false, "listening": false, "listening_num": 0, "established": false, "established_num": 0, "connections": null }, "udp": { "operating": false, "listening": false, "listening_num": 0, "established": false, "established_num": 0, "connections": null }, "udp6": { "operating": false, "listening": false, "listening_num": 0, "established": false, "established_num": 0, "connections": null }, "icmp": { "operating": false, "listening": false, "listening_num": 0, "established": false, "established_num": 0, "connections": null }, "icmp6": { "operating": false, "listening": false, "listening_num": 0, "established": false, "established_num": 0, "connections": null }, "raw": { "operating": false, "listening": false, "listening_num": 0, "established": false, "established_num": 0, "connections": null }, "raw6": { "operating": false, "listening": false, "listening_num": 0, "established": false, "established_num": 0, "connections": null }, "sctp": { "operating": false, "listening": false, "listening_num": 0, "established": false, "established_num": 0, "connections": null } }, "hash": { "md5": "", "sha1": "", "sha256": "", "sha512": "" }, "file": { "date": { "created": "", "created_minutes": 0, 
"modified": "", "modified_minutes": 0, "accessed": "", "accessed_minutes": 0 }, "inode": 0, "device": 0, "rdevice": 0, "nlink": 0, "mode": "", "uid": 0, "uid_name": "", "gid": 0, "gid_name": "", "size": 0, "size_byte_count": 0, "size_mismatch": false, "blksize": 0, "blocks": 0, "path": "", "path_root": "", "path_link": "", "name": "", "extension": "", "flags": { "directory": false, "regular": false, "link": false, "suid": false, "suid_root": false, "sgid": false, "sgid_root": false, "socket": false, "device": false, "char_device": false, "named_pipe": false, "sticky": false, "immutable": false, "hidden": false, "deleted": false }, "entropy": 0, "hash": { "md5": "", "sha1": "", "sha256": "", "sha512": "" }, "magic_num": { "hex": "", "text": "", "type": "", "class": "", "expected_extensions": null }, "data": null } }