Values.RuntimeContext — Additional information about the suspicious activity.
type nonrec t = {
  modifyingProcess : ProcessDetails.t option;
  (** Information about the process that modified the current process. This is available for multiple finding types. *)
  modifiedAt : Timestamp.t option;
  (** The timestamp at which the process modified the current process. The timestamp is in UTC date string format. *)
  scriptPath : String_.t option;
  (** The path to the script that was executed. *)
  libraryPath : String_.t option;
  (** The path to the new library that was loaded. *)
  ldPreloadValue : String_.t option;
  (** The value of the LD_PRELOAD environment variable. *)
  socketPath : String_.t option;
  (** The path to the Docker socket that was accessed. *)
  runcBinaryPath : String_.t option;
  (** The path to the leveraged runc implementation. *)
  releaseAgentPath : String_.t option;
  (** The path in the container that modified the release agent file. *)
  mountSource : String_.t option;
  (** The path on the host that is mounted by the container. *)
  mountTarget : String_.t option;
  (** The path in the container that is mapped to the host directory. *)
  fileSystemType : String_.t option;
  (** Represents the type of the mounted file system. *)
  flags : FlagsList.t option;
  (** Represents options that control the behavior of a runtime operation or action. For example, a filesystem mount operation may contain a read-only flag. *)
  moduleName : String_.t option;
  (** The name of the module loaded into the kernel. *)
  moduleFilePath : String_.t option;
  (** The path to the module loaded into the kernel. *)
  moduleSha256 : String_.t option;
  (** The SHA256 hash of the module. *)
  shellHistoryFilePath : String_.t option;
  (** The path to the modified shell history file. *)
  targetProcess : ProcessDetails.t option;
  (** Information about the process that had its memory overwritten by the current process. *)
  addressFamily : String_.t option;
  (** Represents the communication protocol associated with the address. For example, the address family AF_INET is used for the IP version 4 protocol. *)
  ianaProtocolNumber : Integer.t option;
  (** Specifies a particular protocol within the address family. Usually there is a single protocol in an address family. For example, the address family AF_INET has only the IP protocol. *)
  memoryRegions : MemoryRegionsList.t option;
  (** Specifies the region of a process's address space, such as the stack and the heap. *)
  toolName : String_.t option;
  (** Name of the potentially suspicious tool. *)
  toolCategory : String_.t option;
  (** Category that the tool belongs to. Some examples are Backdoor Tool, Pentest Tool, Network Scanner, and Network Sniffer. *)
  serviceName : String_.t option;
  (** Name of the security service that has been potentially disabled. *)
  commandLineExample : String_.t option;
  (** Example of the command line involved in the suspicious activity. *)
  threatFilePath : String_.t option;
  (** The suspicious file path for which the threat intelligence details were found. *)
}

val make :
?modifyingProcess:??? ->
?modifiedAt:??? ->
?scriptPath:??? ->
?libraryPath:??? ->
?ldPreloadValue:??? ->
?socketPath:??? ->
?runcBinaryPath:??? ->
?releaseAgentPath:??? ->
?mountSource:??? ->
?mountTarget:??? ->
?fileSystemType:??? ->
?flags:??? ->
?moduleName:??? ->
?moduleFilePath:??? ->
?moduleSha256:??? ->
?shellHistoryFilePath:??? ->
?targetProcess:??? ->
?addressFamily:??? ->
?ianaProtocolNumber:??? ->
?memoryRegions:??? ->
?toolName:??? ->
?toolCategory:??? ->
?serviceName:??? ->
?commandLineExample:??? ->
?threatFilePath:??? ->
unit ->
t

val to_value :
t ->
[> `Structure of
(string
* [> `Integer of Integer.t
| `List of [> `String of String_.t ] list
| `String of String_.t
| `Structure of
(string
* [> `Integer of Integer.t
| `List of
[> `Structure of
(string
* [> `Integer of Integer.t
| `String of String_.t
| `Timestamp of Timestamp.t ])
list ]
list
| `String of String_.t
| `Timestamp of Timestamp.t ])
list
| `Timestamp of Timestamp.t ])
list ]