Module Values.ProcessDetails

Information about the observed process.

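(** Record describing an observed process.

    Every field is an [option]: [None] means the value is absent from the
    record, which is not the same as a zero or empty value. In particular, an
    absent [euid] or [userId] must not be read as 0 (conventionally root on
    Unix-like systems), and an absent [executableSha256] must not be read as
    a hash that matched nothing. *)
type nonrec t = {
  name : String_.t option;
      (** The name of the process. *)
  executablePath : String_.t option;
      (** The absolute path of the process executable file. *)
  executableSha256 : String_.t option;
      (** The SHA256 hash of the process executable. When matching against
          allow or deny lists, the hash identifies the file content, whereas
          [name] and [executablePath] only describe where it was found. *)
  namespacePid : Integer.t option;
      (** The ID of the child process.
          NOTE(review): the field name suggests this is the process ID as
          seen inside the process's own PID namespace (for example inside a
          container), as opposed to [pid]; confirm against the service
          documentation before correlating the two. *)
  pwd : String_.t option;
      (** The present working directory of the process. *)
  pid : Integer.t option;
      (** The ID of the process. Operating systems reuse process IDs, so
          [uuid] is the safer key when correlating records over time. *)
  startTime : Timestamp.t option;
      (** The time when the process started, in UTC. *)
  uuid : String_.t option;
      (** The unique ID assigned to the process by GuardDuty. *)
  parentUuid : String_.t option;
      (** The unique ID of the parent process, assigned to the parent process
          by GuardDuty. Together with [uuid] this links a process to its
          parent. *)
  user : String_.t option;
      (** The user that executed the process. *)
  userId : Integer.t option;
      (** The unique ID of the user that executed the process. *)
  euid : Integer.t option;
      (** The effective user ID of the user that executed the process.
          Presumably this can differ from [userId] when the process runs with
          changed privileges (for example a setuid executable); confirm
          before relying on the comparison in detection logic. *)
  lineage : Lineage.t option;
      (** Information about the process's lineage. *)
}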
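(** [make ?name ... ?lineage ()] builds a [t]. Each record field has a
    same-named optional argument; the final [unit] argument lets the optional
    ones be omitted.

    The documentation generator left the optional argument types unresolved
    (shown as [???]). Presumably each is the field's type without [option],
    and an omitted argument yields [None]; confirm against the
    implementation. *)
val make :
  ?name:??? ->
  ?executablePath:??? ->
  ?executableSha256:??? ->
  ?namespacePid:??? ->
  ?pwd:??? ->
  ?pid:??? ->
  ?startTime:??? ->
  ?uuid:??? ->
  ?parentUuid:??? ->
  ?user:??? ->
  ?userId:??? ->
  ?euid:??? ->
  ?lineage:??? ->
  unit ->
  t

(** [to_value t] converts [t] to a polymorphic-variant tree rooted at
    [`Structure], a list of [(string * value)] pairs whose values are
    [`Integer], [`String], [`Timestamp], or a [`List] of nested
    [`Structure]s. *)
val to_value :
  t ->
  [> `Structure of
     (string
     * [> `Integer of Integer.t
       | `List of
         [> `Structure of
            (string
            * [> `Integer of Integer.t
              | `String of String_.t
              | `Timestamp of Timestamp.t ])
            list ]
         list
       | `String of String_.t
       | `Timestamp of Timestamp.t ])
     list ]

(** [to_query t] converts [t] to an [Awso.Client.Query.t]. *)
val to_query : t -> Awso.Client.Query.t

(** [of_xml xml] builds a [t] from an [Awso.Xml.t].

    The result is a bare [t], not an [option] or [result], so a decoding
    failure cannot be reported through the return value. How malformed or
    incomplete input is handled is not visible from this signature;
    presumably an exception is raised or the field is left as [None].
    Confirm before decoding data that crosses a trust boundary. *)
val of_xml : Awso.Xml.t -> t

(** [of_string s] builds a [t] from a string. The expected encoding of [s] is
    not stated on this page. As with {!of_xml}, the bare [t] result leaves no
    room to report a decoding failure in the return value; confirm how
    invalid input is handled. *)
val of_string : string -> t

(** [of_json json] builds a [t] from a [Yojson.Safe.t]. As with {!of_xml},
    the bare [t] result leaves no room to report a decoding failure in the
    return value; confirm how wrongly typed or missing members are
    handled. *)
val of_json : Yojson.Safe.t -> t

(** [to_json t] converts [t] to a [Yojson.Safe.t]. *)
val to_json : t -> Yojson.Safe.t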