Filtering findings in GuardDuty
Finding filters let you view the findings that match the criteria you specify and filter out those that do not. You can build search filters in the Amazon GuardDuty console, or define them in JSON with the CreateFilter API. The following sections explain how to create a filter in the console. To use such a filter to automatically archive incoming findings, see Suppression rules in GuardDuty.
When you create a filter, keep the following in mind:
- You can specify a minimum of one attribute and a maximum of 50 attributes as the criteria for a particular filter.
- When you use the Equals or Not equals operator to filter on an attribute value, such as Account ID, you can specify a maximum of 50 values.
- Each filter criteria attribute is evaluated as an AND operator. Multiple values for the same attribute are evaluated as AND/OR.
- For the maximum number of saved filters that you can create per AWS account in each AWS Region, see GuardDuty quotas.
- The fields under service.additionalInfo are specified by their full JSON path, just like the other fields. For example: { "service.additionalInfo.sample": { "Equals": ["true"] } }.
- Timestamp fields accept values in Unix Epoch milliseconds (for example, 1486685375000). For the full list of timestamp fields, see the note below.
The following sections give instructions for creating and saving filters with the GuardDuty console and with the API and CLI commands. Choose your preferred access method to continue.
Creating and saving filter sets in the GuardDuty console
Search filters can be created and tested in the GuardDuty console. You can save filters created in the console for use in suppression rules or in future filter operations. A filter is made up of at least one filter criterion. Each criterion consists of one filter attribute paired with at least one value.
To create and save filter criteria (console)
1. Sign in to the AWS Management Console and open the GuardDuty console at https://console.aws.amazon.com/guardduty/.
2. In the left navigation pane, choose Findings.
3. On the Findings page, choose the Filter findings bar next to the Saved rules menu. This displays an expanded list of Property filters.
4. From the expanded list of filters, choose the attribute by which you want to filter the findings table.
   For example, to view findings whose potentially affected resource is an S3Bucket, choose Resource type.
5. For Operator, choose the one that filters the findings down to the result you want. Continuing the example from the previous step, choose Resource type =. This displays the list of resource types in GuardDuty.
   If your use case requires excluding specific findings, you can choose the Not equals or != operator.
6. Specify a value for the selected property filter. If needed, choose Apply. Continuing the example from the previous step, you can choose S3Bucket.
   This displays the findings that match the applied filter.
7. To add more than one filter criterion, repeat steps 3-6.
   For the full list of attributes, see Filter properties in GuardDuty.
8. (Optional) Save the specified attributes and values as a filter.
   To apply this combination of filters again in the future, you can save the specified attributes and their values as a filter set.
   a. After you have built the filter criteria from one or more property filters, choose the arrow in the Clear filters menu.
   b. Enter a name for the filter set. The name must be 3-64 characters. Valid characters are a-z, A-Z, 0-9, period (.), hyphen (-), and underscore (_).
   c. A description is optional. If you enter a description, it can be up to 512 characters.
   d. Choose Create.
Creating and saving filter sets by using the GuardDuty API and CLI
You can create and test finding filters by using the API or CLI commands. A filter is made up of at least one filter criterion. Each criterion consists of one filter attribute paired with at least one value. You can save a filter to create a suppression rule or to perform other filter operations later.
To create a search filter using the API/CLI
1. Run the CreateFilter API using the regional detector ID of the AWS account in which you want to create the filter.
   To find the detectorId for your account and current Region, see the Settings page in the https://console.aws.amazon.com/guardduty/ console, or run the ListDetectors API.
2. Alternatively, you can use the create-filter CLI command to create and save a filter. You can use one or more filter criteria from Filter properties in GuardDuty. Use the following examples, replacing the placeholder values with the ones for your account.

Example 1: Create a new filter to view all findings that match a specific finding type

The following example creates a filter that matches all PortScan findings for instances launched from a specific image. Replace the placeholder values with the values appropriate for your account; for example, replace 12abc34d567e8fa901bc2d34EXAMPLE with your regional detector ID.

```shell
aws guardduty create-filter \
  --detector-id 12abc34d567e8fa901bc2d34EXAMPLE \
  --name FilterExampleName \
  --finding-criteria '{"Criterion": {"type": {"Equals": ["Recon:EC2/Portscan"]}, "resource.instanceDetails.imageId": {"Equals": ["ami-0a7a207083example"]}} }'
```

Example 2: Create a new filter to view all findings that match a severity level

The following example creates a filter that matches all findings of HIGH severity. Replace the placeholder values with the values appropriate for your account; for example, replace 12abc34d567e8fa901bc2d34EXAMPLE with your regional detector ID.

```shell
aws guardduty create-filter \
  --detector-id 12abc34d567e8fa901bc2d34EXAMPLE \
  --name FilterExampleName \
  --finding-criteria '{"Criterion": {"severity": {"Equals": ["7", "8"]}} }'
```

For the API/CLI, finding severity is represented as a number. To filter findings by severity level, use the following values:
- For LOW severity, use { "severity": { "Equals": ["1", "2", "3"] } }
- For MEDIUM severity, use { "severity": { "Equals": ["4", "5", "6"] } }
- For HIGH severity, use { "severity": { "Equals": ["7", "8"] } }
- For CRITICAL severity, use { "severity": { "Equals": ["9", "10"] } }
For findings spanning several severity levels, use values similar to the following example:
{ "severity": { "Equals": ["7", "8", "9", "10"] } }
This example shows findings that have CRITICAL or HIGH severity.

Note
If you specify only one numeric value rather than all the numeric values associated with a severity level, the API and CLI may return the filtered findings, but when you use this saved filter set in the GuardDuty console it will not work as expected. This is because the GuardDuty console treats filter values as CRITICAL, HIGH, MEDIUM, and LOW. For example, a filter created with a CLI command that includes { "severity": { "Equals": ["9"] } } is expected to return the corresponding output in the API/CLI. However, this saved filter covers the severity level only partially when used in the GuardDuty console and will not show the expected output. This is why the API and CLI need to specify all the values associated with each severity level.
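The two create-filter examples and the severity note above, worked through in code. This is an added example, not code from the GuardDuty documentation or the AWS SDK: it builds FindingCriteria JSON, enforces the page's limits (50 attributes, 50 values per Equals/NotEquals), expands severity level names to their full numeric lists, and runs a local matcher over constructed sample findings using the documented semantics (AND across attributes, OR across the values of one attribute). The sample findings, the `cli_command` helper, and the numeric comparison used for GreaterThanOrEqual/LessThanOrEqual are assumptions of this example.

```python
"""Build, validate and locally evaluate GuardDuty finding-filter criteria.

Added example, not documentation or SDK code. The matcher approximates the
documented semantics; only GuardDuty itself applies a filter authoritatively.
"""
import json
import shlex

# Severity bands as the page lists them. Every numeric value of a band must be
# included so the saved filter behaves the same in the API/CLI and the console.
SEVERITY_LEVELS = {
    "LOW": ["1", "2", "3"],
    "MEDIUM": ["4", "5", "6"],
    "HIGH": ["7", "8"],
    "CRITICAL": ["9", "10"],
}
MAX_ATTRIBUTES = 50
MAX_EQUALITY_VALUES = 50

# Constructed sample findings (not real GuardDuty output); only the fields the
# filters below touch are populated. Timestamps are Unix Epoch milliseconds.
SAMPLE_FINDINGS = [
    {"id": "f-1", "type": "Recon:EC2/Portscan", "severity": 5,
     "updatedAt": 1486685375000,
     "resource": {"instanceDetails": {"imageId": "ami-0a7a207083example"}}},
    {"id": "f-2", "type": "Recon:EC2/Portscan", "severity": 7.0,
     "updatedAt": 1486690000000,
     "resource": {"instanceDetails": {"imageId": "ami-0b1c2d3e4f5example"}}},
    {"id": "f-3", "type": "Constructed:Example/CriticalFinding", "severity": 10.0,
     "updatedAt": 1500000000000,
     "resource": {"accessKeyDetails": {"userName": "svc-build"}}},
]


def severity_criterion(*levels):
    """Expand level names (LOW/MEDIUM/HIGH/CRITICAL) to their full numeric lists."""
    values = []
    for level in levels:
        values.extend(SEVERITY_LEVELS[level])
    return {"severity": {"Equals": values}}


def build_finding_criteria(criteria):
    """Check the page's limits and wrap {field: {operator: value}} as FindingCriteria."""
    if not 1 <= len(criteria) <= MAX_ATTRIBUTES:
        raise ValueError("a filter needs between 1 and %d attributes" % MAX_ATTRIBUTES)
    for field, condition in criteria.items():
        for op, value in condition.items():
            if op in ("Equals", "NotEquals") and len(value) > MAX_EQUALITY_VALUES:
                raise ValueError("%s: at most %d values for %s" % (field, MAX_EQUALITY_VALUES, op))
    return {"Criterion": criteria}


def cli_command(detector_id, name, finding_criteria):
    """Render the equivalent 'aws guardduty create-filter' invocation (helper assumed here)."""
    return "aws guardduty create-filter --detector-id %s --name %s --finding-criteria %s" % (
        shlex.quote(detector_id), shlex.quote(name), shlex.quote(json.dumps(finding_criteria)))


def _lookup(finding, dotted_path):
    """Walk a finding by the JSON path used in filter criteria; None if absent."""
    node = finding
    for part in dotted_path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def _as_string(value):
    """Findings carry severity as a number; criteria list it as strings such as "8"."""
    if isinstance(value, float) and value.is_integer():
        return str(int(value))
    return str(value)


def matches(finding, finding_criteria):
    """AND across attributes, OR across the values listed for one attribute.
    Assumption: GreaterThanOrEqual / LessThanOrEqual (used for timestamp
    fields) are compared as plain numbers."""
    for field, condition in finding_criteria["Criterion"].items():
        actual = _lookup(finding, field)
        text = None if actual is None else _as_string(actual)
        for op, value in condition.items():
            if op == "Equals" and text not in value:
                return False
            if op == "NotEquals" and text in value:
                return False
            if op == "GreaterThanOrEqual" and (actual is None or actual < value):
                return False
            if op == "LessThanOrEqual" and (actual is None or actual > value):
                return False
    return True


def select(findings, finding_criteria):
    """Return the IDs of the findings a saved filter would show."""
    return [f["id"] for f in findings if matches(f, finding_criteria)]
```

Running `select` with `{"severity": {"Equals": ["9"]}}` against the samples returns nothing while `severity_criterion("CRITICAL")` returns the severity-10 finding, which is the gap the note above describes.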
Filter properties in GuardDuty
When you create a filter or sort findings using API operations, you must specify the filter criteria in JSON. These filter criteria correlate with the finding details JSON. The following table lists the console display names for the filter attributes and their equivalent JSON field names.

| Console field name | JSON field name |
|---|---|
| Account ID | accountId |
| Finding ID | id |
| Region | region |
| Severity | severity. You can filter finding types by their severity level. For more information about severity values, see Severity levels for GuardDuty findings. If you use |
| Finding type | type |
| Updated at | updatedAt |
| Access key ID | resource.accessKeyDetails.accessKeyId |
| Principal ID | resource.accessKeyDetails.principalId |
| User name | resource.accessKeyDetails.userName |
| User type | resource.accessKeyDetails.userType |
| IAM instance profile ID | resource.instanceDetails.iamInstanceProfile.id |
| Instance ID | resource.instanceDetails.instanceId |
| Instance image ID | resource.instanceDetails.imageId |
| Instance tag key | resource.instanceDetails.tags.key |
| Instance tag value | resource.instanceDetails.tags.value |
| IPv6 address | resource.instanceDetails.networkInterfaces.ipv6Addresses |
| Private IPv4 address | resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress |
| Public DNS name | resource.instanceDetails.networkInterfaces.publicDnsName |
| Public IP | resource.instanceDetails.networkInterfaces.publicIp |
| Security group ID | resource.instanceDetails.networkInterfaces.securityGroups.groupId |
| Security group name | resource.instanceDetails.networkInterfaces.securityGroups.groupName |
| Subnet ID | resource.instanceDetails.networkInterfaces.subnetId |
| VPC ID | resource.instanceDetails.networkInterfaces.vpcId |
| Outpost ARN | resource.instanceDetails.outpostARN |
| Resource type | resource.resourceType |
| Bucket permissions | resource.s3BucketDetails.publicAccess.effectivePermission |
| Bucket name | resource.s3BucketDetails.name |
| Bucket tag key | resource.s3BucketDetails.tags.key |
| Bucket tag value | resource.s3BucketDetails.tags.value |
| Bucket type | resource.s3BucketDetails.type |
| Action type | service.action.actionType |
| API called | service.action.awsApiCallAction.api |
| API caller type | service.action.awsApiCallAction.callerType |
| API error code | service.action.awsApiCallAction.errorCode |
| API caller city | service.action.awsApiCallAction.remoteIpDetails.city.cityName |
| API caller country | service.action.awsApiCallAction.remoteIpDetails.country.countryName |
| API caller IPv4 address | service.action.awsApiCallAction.remoteIpDetails.ipAddressV4 |
| API caller IPv6 address | service.action.awsApiCallAction.remoteIpDetails.ipAddressV6 |
| API caller ASN ID | service.action.awsApiCallAction.remoteIpDetails.organization.asn |
| API caller ASN name | service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg |
| API caller service name | service.action.awsApiCallAction.serviceName |
| DNS request domain | service.action.dnsRequestAction.domain |
| DNS request domain suffix | service.action.dnsRequestAction.domainWithSuffix |
| Network connection blocked | service.action.networkConnectionAction.blocked |
| Network connection direction | service.action.networkConnectionAction.connectionDirection |
| Network connection local port | service.action.networkConnectionAction.localPortDetails.port |
| Network connection protocol | service.action.networkConnectionAction.protocol |
| Network connection city | service.action.networkConnectionAction.remoteIpDetails.city.cityName |
| Network connection country | service.action.networkConnectionAction.remoteIpDetails.country.countryName |
| Network connection remote IPv4 address | service.action.networkConnectionAction.remoteIpDetails.ipAddressV4 |
| Network connection remote IPv6 address | service.action.networkConnectionAction.remoteIpDetails.ipAddressV6 |
| Network connection remote IP ASN ID | service.action.networkConnectionAction.remoteIpDetails.organization.asn |
| Network connection remote IP ASN name | service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg |
| Network connection remote port | service.action.networkConnectionAction.remotePortDetails.port |
| Affiliated remote account | service.action.awsApiCallAction.remoteAccountDetails.affiliated |
| Kubernetes API caller IPv4 address | service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4 |
| Kubernetes API caller IPv6 address | service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV6 |
| Kubernetes namespace | service.action.kubernetesApiCallAction.namespace |
| Kubernetes API caller ASN ID | service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn |
| Kubernetes API call request URI | service.action.kubernetesApiCallAction.requestUri |
| Kubernetes API status code | service.action.kubernetesApiCallAction.statusCode |
| Network connection local IPv4 address | service.action.networkConnectionAction.localIpDetails.ipAddressV4 |
| Network connection local IPv6 address | service.action.networkConnectionAction.localIpDetails.ipAddressV6 |
| Protocol | service.action.networkConnectionAction.protocol |
| API call service name | service.action.awsApiCallAction.serviceName |
| API caller account ID | service.action.awsApiCallAction.remoteAccountDetails.accountId |
| Threat list name | service.additionalInfo.threatListName |
| Resource role | service.resourceRole |
| EKS cluster name | resource.eksClusterDetails.name |
| Kubernetes workload name | resource.kubernetesDetails.kubernetesWorkloadDetails.name |
| Kubernetes workload namespace | resource.kubernetesDetails.kubernetesWorkloadDetails.namespace |
| Kubernetes user name | resource.kubernetesDetails.kubernetesUserDetails.username |
| Kubernetes container image | resource.kubernetesDetails.kubernetesWorkloadDetails.containers.image |
| Kubernetes container image prefix | resource.kubernetesDetails.kubernetesWorkloadDetails.containers.imagePrefix |
| Scan ID | service.ebsVolumeScanDetails.scanId |
| EBS volume scan threat name | service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.name |
| S3 object scan threat name | service.malwareScanDetails.threats.name |
| Threat severity | service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.severity |
| File SHA | service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.hash |
| ECS cluster name | resource.ecsClusterDetails.name |
| ECS container image | resource.ecsClusterDetails.taskDetails.containers.image |
| ECS task definition ARN | resource.ecsClusterDetails.taskDetails.definitionArn |
| Standalone container image | resource.containerDetails.image |
| Database instance ID | resource.rdsDbInstanceDetails.dbInstanceIdentifier |
| Database cluster ID | resource.rdsDbInstanceDetails.dbClusterIdentifier |
| Database engine | resource.rdsDbInstanceDetails.engine |
| Database user | resource.rdsDbUserDetails.user |
| Executable SHA-256 | service.runtimeDetails.process.executableSha256 |
| Process name | service.runtimeDetails.process.name |
| Executable path | service.runtimeDetails.process.executablePath |
| Lambda function name | resource.lambdaDetails.functionName |
| Lambda function ARN | resource.lambdaDetails.functionArn |
| Lambda function tag key | resource.lambdaDetails.tags.key |
| Lambda function tag value | resource.lambdaDetails.tags.value |
| DNS request domain | service.action.dnsRequestAction.domainWithSuffix |
All other finding fields (listed below) are available only as suppression rule filter criteria (using CreateFilter and UpdateFilter). These fields are not supported by other API operations. Suppression rules that use these fields must be created or updated through the API. These fields can only be applied to filters with the ARCHIVE action.

Note
The following fields accept timestamp values in Unix Epoch milliseconds (for example, 1262309025000 represents Friday, January 1, 2010 at 1:23:45 AM GMT):
- createdAt
- updatedAt
- service.eventFirstSeen
- service.eventLastSeen
- resource.instanceDetails.launchTime
- resource.lambdaDetails.lastModifiedAt
- resource.s3BucketDetails.createdAt
- resource.eksClusterDetails.createdAt
- resource.ecsClusterDetails.taskDetails.createdAt
- resource.ecsClusterDetails.taskDetails.startedAt
- service.ebsVolumeScanDetails.scanStartedAt
- service.ebsVolumeScanDetails.scanCompletedAt
- service.runtimeDetails.context.modifiedAt
- service.runtimeDetails.context.modifyingProcess.startTime
- service.runtimeDetails.context.modifyingProcess.lineage.startTime
- service.runtimeDetails.context.targetProcess.startTime
- service.runtimeDetails.context.targetProcess.lineage.startTime
- service.runtimeDetails.process.startTime
- service.runtimeDetails.process.lineage.startTime
- service.detection.sequence.actors.session.createdTime
- service.detection.sequence.signals.createdAt
- service.detection.sequence.signals.updatedAt
- service.detection.sequence.signals.firstSeenAt
- service.detection.sequence.signals.lastSeenAt
- service.detection.sequence.resources.data.s3Bucket.createdAt
- service.detection.sequence.resources.data.ecsTask.createdAt
- service.detection.sequence.resources.data.eksCluster.createdAt
| JSON field name |
|---|
| arn |
| associatedAttackSequenceArn |
| createdAt |
| partition |
| resource.accessKeyDetails.userIdentity.accessKeyId |
| resource.accessKeyDetails.userIdentity.accountId |
| resource.accessKeyDetails.userIdentity.arn |
| resource.accessKeyDetails.userIdentity.principalId |
| resource.accessKeyDetails.userIdentity.sessionContext.attributes.mfaAuthenticated |
| resource.accessKeyDetails.userIdentity.sessionContext.ec2RoleDelivery |
| resource.accessKeyDetails.userIdentity.sessionContext.invokedBy |
| resource.accessKeyDetails.userIdentity.sessionContext.sessionIssuer.accountId |
| resource.accessKeyDetails.userIdentity.sessionContext.sessionIssuer.arn |
| resource.accessKeyDetails.userIdentity.sessionContext.sessionIssuer.principalId |
| resource.accessKeyDetails.userIdentity.sessionContext.sessionIssuer.type |
| resource.accessKeyDetails.userIdentity.sessionContext.sessionIssuer.userName |
| resource.accessKeyDetails.userIdentity.sessionContext.sourceIdentity |
| resource.accessKeyDetails.userIdentity.sessionContext.webIdFederationData.attributes |
| resource.accessKeyDetails.userIdentity.sessionContext.webIdFederationData.federatedProvider |
| resource.accessKeyDetails.userIdentity.type |
| resource.accessKeyDetails.userIdentity.userName |
| resource.bedrockGuardrailDetails.guardrailArn |
| resource.bedrockGuardrailDetails.guardrailVersion |
| resource.containerDetails.containerRuntime |
| resource.containerDetails.imagePrefix |
| resource.containerDetails.securityContext.allowPrivilegeEscalation |
| resource.containerDetails.securityContext.privileged |
| resource.containerDetails.volumeMounts.mountPath |
| resource.containerDetails.volumeMounts.name |
| resource.ebsVolumeDetails.scannedVolumeDetails.deviceName |
| resource.ebsVolumeDetails.scannedVolumeDetails.encryptionType |
| resource.ebsVolumeDetails.scannedVolumeDetails.kmsKeyArn |
| resource.ebsVolumeDetails.scannedVolumeDetails.snapshotArn |
| resource.ebsVolumeDetails.scannedVolumeDetails.volumeArn |
| resource.ebsVolumeDetails.scannedVolumeDetails.volumeSizeInGB |
| resource.ebsVolumeDetails.scannedVolumeDetails.volumeType |
| resource.ebsVolumeDetails.skippedVolumeDetails.deviceName |
| resource.ebsVolumeDetails.skippedVolumeDetails.encryptionType |
| resource.ebsVolumeDetails.skippedVolumeDetails.kmsKeyArn |
| resource.ebsVolumeDetails.skippedVolumeDetails.snapshotArn |
| resource.ebsVolumeDetails.skippedVolumeDetails.volumeArn |
| resource.ebsVolumeDetails.skippedVolumeDetails.volumeSizeInGB |
| resource.ebsVolumeDetails.skippedVolumeDetails.volumeType |
| resource.ecsClusterDetails.activeServicesCount |
| resource.ecsClusterDetails.arn |
| resource.ecsClusterDetails.registeredContainerInstancesCount |
| resource.ecsClusterDetails.runningTasksCount |
| resource.ecsClusterDetails.status |
| resource.ecsClusterDetails.tags.key |
| resource.ecsClusterDetails.tags.value |
| resource.ecsClusterDetails.taskDetails.arn |
| resource.ecsClusterDetails.taskDetails.containers.containerRuntime |
| resource.ecsClusterDetails.taskDetails.containers.id |
| resource.ecsClusterDetails.taskDetails.containers.imagePrefix |
| resource.ecsClusterDetails.taskDetails.containers.name |
| resource.ecsClusterDetails.taskDetails.containers.securityContext.allowPrivilegeEscalation |
| resource.ecsClusterDetails.taskDetails.containers.securityContext.privileged |
| resource.ecsClusterDetails.taskDetails.containers.volumeMounts.mountPath |
| resource.ecsClusterDetails.taskDetails.containers.volumeMounts.name |
| resource.ecsClusterDetails.taskDetails.createdAt |
| resource.ecsClusterDetails.taskDetails.group |
| resource.ecsClusterDetails.taskDetails.launchType |
| resource.ecsClusterDetails.taskDetails.startedAt |
| resource.ecsClusterDetails.taskDetails.startedBy |
| resource.ecsClusterDetails.taskDetails.tags.key |
| resource.ecsClusterDetails.taskDetails.tags.value |
| resource.ecsClusterDetails.taskDetails.version |
| resource.ecsClusterDetails.taskDetails.volumes.hostPath.path |
| resource.ecsClusterDetails.taskDetails.volumes.name |
| resource.eksClusterDetails.arn |
| resource.eksClusterDetails.createdAt |
| resource.eksClusterDetails.status |
| resource.eksClusterDetails.tags.key |
| resource.eksClusterDetails.tags.value |
| resource.eksClusterDetails.vpcId |
| resource.instanceDetails.iamInstanceProfile.arn |
| resource.instanceDetails.instanceState |
| resource.instanceDetails.instanceType |
| resource.instanceDetails.launchTime |
| resource.instanceDetails.networkInterfaces.networkInterfaceId |
| resource.instanceDetails.networkInterfaces.privateDnsName |
| resource.instanceDetails.networkInterfaces.privateIpAddress |
| resource.instanceDetails.networkInterfaces.privateIpAddresses.privateDnsName |
| resource.instanceDetails.platform |
| resource.instanceDetails.productCodes.productCodeId |
| resource.instanceDetails.productCodes.productCodeType |
| resource.kubernetesDetails.kubernetesUserDetails.groups |
| resource.kubernetesDetails.kubernetesUserDetails.impersonatedUser.groups |
| resource.kubernetesDetails.kubernetesUserDetails.impersonatedUser.username |
| resource.kubernetesDetails.kubernetesUserDetails.sessionName |
| resource.kubernetesDetails.kubernetesUserDetails.uid |
| resource.kubernetesDetails.kubernetesWorkloadDetails.containers.containerRuntime |
| resource.kubernetesDetails.kubernetesWorkloadDetails.containers.id |
| resource.kubernetesDetails.kubernetesWorkloadDetails.containers.name |
| resource.kubernetesDetails.kubernetesWorkloadDetails.containers.securityContext.allowPrivilegeEscalation |
| resource.kubernetesDetails.kubernetesWorkloadDetails.containers.securityContext.privileged |
| resource.kubernetesDetails.kubernetesWorkloadDetails.containers.volumeMounts.mountPath |
| resource.kubernetesDetails.kubernetesWorkloadDetails.containers.volumeMounts.name |
| resource.kubernetesDetails.kubernetesWorkloadDetails.hostIpc |
| resource.kubernetesDetails.kubernetesWorkloadDetails.hostNetwork |
| resource.kubernetesDetails.kubernetesWorkloadDetails.hostPid |
| resource.kubernetesDetails.kubernetesWorkloadDetails.serviceAccountName |
| resource.kubernetesDetails.kubernetesWorkloadDetails.type |
| resource.kubernetesDetails.kubernetesWorkloadDetails.uid |
| resource.kubernetesDetails.kubernetesWorkloadDetails.volumes.hostPath.path |
| resource.kubernetesDetails.kubernetesWorkloadDetails.volumes.name |
| resource.lambdaDetails.description |
| resource.lambdaDetails.lastModifiedAt |
| resource.lambdaDetails.revisionId |
| resource.lambdaDetails.vpcConfig.securityGroups.groupId |
| resource.lambdaDetails.vpcConfig.securityGroups.groupName |
| resource.lambdaDetails.vpcConfig.subnetIds |
| resource.lambdaDetails.vpcConfig.vpcId |
| resource.rdsDbInstanceDetails.dbInstanceArn |
| resource.rdsDbInstanceDetails.dbiResourceId |
| resource.rdsDbInstanceDetails.dbSecurityGroups.name |
| resource.rdsDbInstanceDetails.dbSecurityGroups.status |
| resource.rdsDbInstanceDetails.engineVersion |
| resource.rdsDbInstanceDetails.iamDatabaseAuthenticationEnabled |
| resource.rdsDbInstanceDetails.publiclyAccessible |
| resource.rdsDbInstanceDetails.vpcId |
| resource.rdsDbInstanceDetails.vpcSecurityGroups.status |
| resource.rdsDbInstanceDetails.vpcSecurityGroups.vpcSecurityGroupId |
| resource.rdsDbUserDetails.application |
| resource.rdsDbUserDetails.authMethod |
| resource.rdsDbUserDetails.database |
| resource.rdsDbUserDetails.ssl |
| resource.rdsLimitlessDbDetails.dbClusterIdentifier |
| resource.rdsLimitlessDbDetails.dbShardGroupArn |
| resource.rdsLimitlessDbDetails.dbShardGroupIdentifier |
| resource.rdsLimitlessDbDetails.dbShardGroupResourceId |
| resource.rdsLimitlessDbDetails.engine |
| resource.rdsLimitlessDbDetails.engineVersion |
| resource.rdsLimitlessDbDetails.tags.key |
| resource.rdsLimitlessDbDetails.tags.value |
| resource.s3BucketDetails.arn |
| resource.s3BucketDetails.createdAt |
| resource.s3BucketDetails.defaultServerSideEncryption.encryptionType |
| resource.s3BucketDetails.defaultServerSideEncryption.kmsMasterKeyArn |
| resource.s3BucketDetails.owner.id |
| resource.s3BucketDetails.publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.blockPublicAcls |
| resource.s3BucketDetails.publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.blockPublicPolicy |
| resource.s3BucketDetails.publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.ignorePublicAcls |
| resource.s3BucketDetails.publicAccess.permissionConfiguration.accountLevelPermissions.blockPublicAccess.restrictPublicBuckets |
| resource.s3BucketDetails.publicAccess.permissionConfiguration.bucketLevelPermissions.accessControlList.allowsPublicReadAccess |
| resource.s3BucketDetails.publicAccess.permissionConfiguration.bucketLevelPermissions.accessControlList.allowsPublicWriteAccess |
| resource.s3BucketDetails.publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.blockPublicAcls |
| resource.s3BucketDetails.publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.blockPublicPolicy |
| resource.s3BucketDetails.publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.ignorePublicAcls |
| resource.s3BucketDetails.publicAccess.permissionConfiguration.bucketLevelPermissions.blockPublicAccess.restrictPublicBuckets |
| resource.s3BucketDetails.publicAccess.permissionConfiguration.bucketLevelPermissions.bucketPolicy.allowsPublicReadAccess |
| resource.s3BucketDetails.publicAccess.permissionConfiguration.bucketLevelPermissions.bucketPolicy.allowsPublicWriteAccess |
| resource.s3BucketDetails.s3ObjectDetails.eTag |
| resource.s3BucketDetails.s3ObjectDetails.hash |
| resource.s3BucketDetails.s3ObjectDetails.key |
| resource.s3BucketDetails.s3ObjectDetails.objectArn |
| resource.s3BucketDetails.s3ObjectDetails.versionId |
| schemaVersion |
| service.action.awsApiCallAction.domainDetails.domain |
| service.action.awsApiCallAction.remoteIpDetails.country.countryCode |
| service.action.awsApiCallAction.remoteIpDetails.geoLocation.lat |
| service.action.awsApiCallAction.remoteIpDetails.geoLocation.lon |
| service.action.awsApiCallAction.remoteIpDetails.organization.isp |
| service.action.awsApiCallAction.remoteIpDetails.organization.org |
| service.action.awsApiCallAction.userAgent |
| service.action.dnsRequestAction.blocked |
| service.action.dnsRequestAction.protocol |
| service.action.kubernetesApiCallAction.parameters |
| service.action.kubernetesApiCallAction.remoteIpDetails.country.countryCode |
| service.action.kubernetesApiCallAction.remoteIpDetails.geoLocation.lat |
| service.action.kubernetesApiCallAction.remoteIpDetails.geoLocation.lon |
| service.action.kubernetesApiCallAction.resource |
| service.action.kubernetesApiCallAction.resourceName |
| service.action.kubernetesApiCallAction.sourceIPs |
| service.action.kubernetesApiCallAction.subresource |
| service.action.kubernetesApiCallAction.userAgent |
| service.action.kubernetesApiCallAction.verb |
| service.action.kubernetesPermissionCheckedDetails.allowed |
| service.action.kubernetesPermissionCheckedDetails.namespace |
| service.action.kubernetesPermissionCheckedDetails.resource |
| service.action.kubernetesPermissionCheckedDetails.verb |
| service.action.kubernetesRoleBindingDetails.kind |
| service.action.kubernetesRoleBindingDetails.name |
| service.action.kubernetesRoleBindingDetails.roleRefKind |
| service.action.kubernetesRoleBindingDetails.roleRefName |
| service.action.kubernetesRoleBindingDetails.uid |
| service.action.kubernetesRoleDetails.kind |
| service.action.kubernetesRoleDetails.name |
| service.action.kubernetesRoleDetails.uid |
| service.action.networkConnectionAction.localNetworkInterface |
| service.action.networkConnectionAction.localPortDetails.portName |
| service.action.networkConnectionAction.remoteIpDetails.country.countryCode |
| service.action.networkConnectionAction.remoteIpDetails.geoLocation.lat |
| service.action.networkConnectionAction.remoteIpDetails.geoLocation.lon |
| service.action.networkConnectionAction.remoteIpDetails.organization.isp |
| service.action.networkConnectionAction.remoteIpDetails.organization.org |
| service.action.networkConnectionAction.remotePortDetails.portName |
| service.action.portProbeAction.blocked |
| service.action.portProbeAction.portProbeDetails.localIpDetails.ipAddressV4 |
| service.action.portProbeAction.portProbeDetails.localIpDetails.ipAddressV6 |
| service.action.portProbeAction.portProbeDetails.localPortDetails.port |
| service.action.portProbeAction.portProbeDetails.localPortDetails.portName |
| service.action.portProbeAction.portProbeDetails.remoteIpDetails.city.cityName |
| service.action.portProbeAction.portProbeDetails.remoteIpDetails.country.countryCode |
| service.action.portProbeAction.portProbeDetails.remoteIpDetails.country.countryName |
| service.action.portProbeAction.portProbeDetails.remoteIpDetails.geoLocation.lat |
| service.action.portProbeAction.portProbeDetails.remoteIpDetails.geoLocation.lon |
| service.action.portProbeAction.portProbeDetails.remoteIpDetails.ipAddressV4 |
| service.action.portProbeAction.portProbeDetails.remoteIpDetails.ipAddressV6 |
| service.action.portProbeAction.portProbeDetails.remoteIpDetails.organization.asn |
| service.action.portProbeAction.portProbeDetails.remoteIpDetails.organization.asnOrg |
| service.action.portProbeAction.portProbeDetails.remoteIpDetails.organization.isp |
| service.action.portProbeAction.portProbeDetails.remoteIpDetails.organization.org |
| service.action.rdsLoginAttemptAction.loginAttributes.application |
| service.action.rdsLoginAttemptAction.loginAttributes.failedLoginAttempts |
| service.action.rdsLoginAttemptAction.loginAttributes.successfulLoginAttempts |
| service.action.rdsLoginAttemptAction.loginAttributes.user |
| service.action.rdsLoginAttemptAction.remoteIpDetails.city.cityName |
| service.action.rdsLoginAttemptAction.remoteIpDetails.country.countryCode |
| service.action.rdsLoginAttemptAction.remoteIpDetails.country.countryName |
| service.action.rdsLoginAttemptAction.remoteIpDetails.geoLocation.lat |
| service.action.rdsLoginAttemptAction.remoteIpDetails.geoLocation.lon |
| service.action.rdsLoginAttemptAction.remoteIpDetails.ipAddressV4 |
| service.action.rdsLoginAttemptAction.remoteIpDetails.ipAddressV6 |
| service.action.rdsLoginAttemptAction.remoteIpDetails.organization.asn |
| service.action.rdsLoginAttemptAction.remoteIpDetails.organization.asnOrg |
| service.action.rdsLoginAttemptAction.remoteIpDetails.organization.isp |
| service.action.rdsLoginAttemptAction.remoteIpDetails.organization.org |
| service.additionalInfo.agentDetails.agentId |
| service.additionalInfo.agentDetails.agentVersion |
| service.additionalInfo.anomalies.anomalousAPIs |
| service.additionalInfo.authenticationMethod |
| service.additionalInfo.averagePacketSizeIn |
| service.additionalInfo.averagePacketSizeOut |
| service.additionalInfo.context |
| service.additionalInfo.domain |
| service.additionalInfo.inBytes |
| service.additionalInfo.localNetworkInterfaceOwner |
| service.additionalInfo.localPort |
| service.additionalInfo.outBytes |
| service.additionalInfo.packetsIn |
| service.additionalInfo.packetsOut |
| service.additionalInfo.policyArn |
| service.additionalInfo.policyName |
| service.additionalInfo.remotePort |
| service.additionalInfo.sample |
| service.additionalInfo.scannedPort |
| service.additionalInfo.threatFileSha256 |
| service.additionalInfo.threatName |
| service.additionalInfo.totalBytesIn |
| service.additionalInfo.totalBytesOut |
| service.additionalInfo.type |
| service.additionalInfo.unusual.asnOrg |
| service.additionalInfo.unusual.port |
| service.additionalInfo.unusualProtocol |
| service.additionalInfo.userAgent.fullUserAgent |
| service.additionalInfo.userAgent.userAgentCategory |
| service.additionalInfo.value |
| service.additionalInfo.vpcOwnerAccountId |
| service.count |
| service.detection.sequence.actors.id |
| service.detection.sequence.actors.process.name |
| service.detection.sequence.actors.process.path |
| service.detection.sequence.actors.process.sha256 |
| service.detection.sequence.actors.session.createdTime |
| service.detection.sequence.actors.session.issuer |
| service.detection.sequence.actors.session.mfaStatus |
| service.detection.sequence.actors.session.uid |
| service.detection.sequence.actors.user.account.account |
| service.detection.sequence.actors.user.account.uid |
| service.detection.sequence.actors.user.credentialUid |
| service.detection.sequence.actors.user.name |
| service.detection.sequence.actors.user.type |
| service.detection.sequence.actors.user.uid |
| service.detection.sequence.additionalSequenceTypes |
| service.detection.sequence.description |
| service.detection.sequence.endpoints.autonomousSystem.name |
service.detection.sequence.endpoints.autonomous System.number |
service.detection.sequence.endpoints.connection.direction |
service.detection.sequence.endpoints.domain |
service.detection.sequence.endpoints.id |
service.detection.sequence.endpoints.ip |
service.detection.sequence.endpoints.location.city |
service.detection.sequence.endpoints.location.country |
service.detection.sequence.endpoints.location.lat |
service.detection.sequence.endpoints.location.lon |
service.detection.sequence.endpoints.port |
Service.detection.sequence.resources.accountID |
Service.detection.sequence.resources.cloudpartition |
service.detection.sequence.resources.data.access Key.principalId |
service.detection.sequence.resources.data.access Key.userName |
service.detection.sequence.resources.data.access Key.userType |
service.detection.sequence.resources.data.autoscaling AutoScalingGroup.ec2InstanceUids |
service.detection.sequence.resources.data.cloudformation Stack.ec2InstanceUids |
service.detection.sequence.resources.data.container.image |
Service.detection.sequence.resources.data.container.imageuid |
service.detection.sequence.resources.data.ec2 Image.ec2InstanceUids |
service.detection.sequence.resources.data.ec2 Instance.availabilityZone |
service.detection.sequence.resources.data.ec2 Instance.ec2NetworkInterfaceUids |
service.detection.sequence.resources.data.ec2 Instance.iamInstanceProfile.arn |
service.detection.sequence.resources.data.ec2 Instance.iamInstanceProfile.id |
service.detection.sequence.resources.data.ec2 Instance.imageDescription |
service.detection.sequence.resources.data.ec2 Instance.instanceState |
service.detection.sequence.resources.data.ec2 Instance.instanceType |
service.detection.sequence.resources.data.ec2 Instance.outpostArn |
service.detection.sequence.resources.data.ec2 Instance.platform |
service.detection.sequence.resources.data.ec2 Instance.productCodes.productCodeId |
service.detection.sequence.resources.data.ec2 Instance.productCodes.productCodeType |
service.detection.sequence.resources.data.ec2 LaunchTemplate.ec2InstanceUids |
service.detection.sequence.resources.data.ec2 LaunchTemplate.version |
service.detection.sequence.resources.data.ec2 NetworkInterface.ipv6Addresses |
service.detection.sequence.resources.data.ec2 NetworkInterface.privateIpAddresses.privateDnsName |
service.detection.sequence.resources.data.ec2 NetworkInterface.privateIpAddresses.privateIpAddress |
service.detection.sequence.resources.data.ec2 NetworkInterface.publicIp |
service.detection.sequence.resources.data.ec2 NetworkInterface.securityGroups.groupId |
service.detection.sequence.resources.data.ec2 NetworkInterface.securityGroups.groupName |
service.detection.sequence.resources.data.ec2 NetworkInterface.subNetId |
service.detection.sequence.resources.data.ec2 NetworkInterface.vpcId |
service.detection.sequence.resources.data.ec2 Vpc.ec2InstanceUids |
service.detection.sequence.resources.data.ecs Cluster.ec2InstanceUids |
service.detection.sequence.resources.data.ecs Cluster.status |
service.detection.sequence.resources.data.ecs Task.containerUids |
service.detection.sequence.resources.data.ecs Task.createdAt |
service.detection.sequence.resources.data.ecs Task.launchType |
service.detection.sequence.resources.data.ecs Task.taskDefinitionArn |
service.detection.sequence.resources.data.eks Cluster.arn |
service.detection.sequence.resources.data.eks Cluster.createdAt |
service.detection.sequence.resources.data.eks Cluster.ec2InstanceUids |
service.detection.sequence.resources.data.eks Cluster.status |
service.detection.sequence.resources.data.eks Cluster.vpcId |
service.detection.sequence.resources.data.iam InstanceProfile.ec2InstanceUids |
service.detection.sequence.resources.data.iam InstanceProfile.id |
service.detection.sequence.resources.data.kubernetes Workload.containerUids |
service.detection.sequence.resources.data.kubernetes Workload.namespace |
service.detection.sequence.resources.data.kubernetes Workload.type |
service.detection.sequence.resources.data.s3 Bucket.accountPublicAccess.publicAclAccess |
service.detection.sequence.resources.data.s3 Bucket.accountPublicAccess.publicAclIgnoreBehavior |
service.detection.sequence.resources.data.s3 Bucket.accountPublicAccess.publicBucketRestrictBehavior |
service.detection.sequence.resources.data.s3 Bucket.accountPublicAccess.publicPolicyAccess |
service.detection.sequence.resources.data.s3 Bucket.bucketPublicAccess.publicAclAccess |
service.detection.sequence.resources.data.s3 Bucket.bucketPublicAccess.publicAclIgnoreBehavior |
service.detection.sequence.resources.data.s3 Bucket.bucketPublicAccess.publicBucketRestrictBehavior |
service.detection.sequence.resources.data.s3 Bucket.bucketPublicAccess.publicPolicyAccess |
service.detection.sequence.resources.data.s3 Bucket.createdAt |
service.detection.sequence.resources.data.s3 Bucket.effectivePermission |
service.detection.sequence.resources.data.s3 Bucket.encryptionKeyArn |
service.detection.sequence.resources.data.s3 Bucket.encryptionType |
service.detection.sequence.resources.data.s3 Bucket.ownerId |
service.detection.sequence.resources.data.s3 Bucket.publicReadAccess |
service.detection.sequence.resources.data.s3 Bucket.publicWriteAccess |
service.detection.sequence.resources.data.s3 Bucket.s3ObjectUids |
service.detection.sequence.resources.data.s3 Object.eTag |
service.detection.sequence.resources.data.s3 Object.key |
service.detection.sequence.resources.data.s3 Object.versionId |
service.detection.sequence.resources.name |
service.detection.sequence.resources.region |
Service.detection.sequence.resources.resourceType |
service.detection.sequence.resources.service |
service.detection.sequence.resources.tags.key |
service.detection.sequence.resources.tags.value |
service.detection.sequence.resources.uid |
service.detection.sequence.sequence Indicators.key |
service.detection.sequence.sequence Indicators.title |
service.detection.sequence.sequence Indicators.values |
Service.detection.sequence.signals.actorids |
service.detection.sequence.signals.count |
Service.detection.sequence.signals.createdat |
service.detection.sequence.signals.description |
Service.detection.sequence.signals.endPointIds |
service.detection.sequence.signals.first SeenAt |
service.detection.sequence.signals.last SeenAt |
service.detection.sequence.signals.name |
Service.detection.sequence.signals.resourceUids |
service.detection.sequence.signals.severity |
service.detection.sequence.signals.signal Indicators.key |
service.detection.sequence.signals.signal Indicators.title |
service.detection.sequence.signals.signal Indicators.values |
service.detection.sequence.signals.type |
service.detection.sequence.signals.uid |
Service.detection.sequence.signals.updateDat |
service.detection.sequence.uid |
Service.detectorID |
service.ebs VolumeScanDetails.scanCompletedAt |
service.ebs VolumeScanDetails.scanDetections.highestSeverityThreatDetails.count |
service.ebs VolumeScanDetails.scanDetections.highestSeverityThreatDetails.severity |
service.ebs VolumeScanDetails.scanDetections.highestSeverityThreatDetails.threatName |
service.ebs VolumeScanDetails.scanDetections.scannedItemCount.files |
service.ebs VolumeScanDetails.scanDetections.scannedItemCount.totalGb |
service.ebs VolumeScanDetails.scanDetections.scannedItemCount.volumes |
service.ebs VolumeScanDetails.scanDetections.threatDetectedByName.itemCount |
service.ebs VolumeScanDetails.scanDetections.threatDetectedByName.shortened |
service.ebs VolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.fileName |
service.ebs VolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.filePath |
service.ebs VolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.volumeArn |
service.ebs VolumeScanDetails.scanDetections.threatDetectedByName.threatNames.itemCount |
service.ebs VolumeScanDetails.scanDetections.threatDetectedByName.uniqueThreatNameCount |
service.ebs VolumeScanDetails.scanDetections.threatsDetectedItemCount.files |
service.ebs VolumeScanDetails.scanStartedAt |
service.ebs VolumeScanDetails.scanType |
service.ebs VolumeScanDetails.sources |
service.event FirstSeen |
service.event LastSeen |
layanan.malware ScanDetails.scanCategory |
layanan.malware ScanDetails.scanConfiguration.incrementalScanDetails.baselineResourceArn |
layanan.malware ScanDetails.scanConfiguration.triggerType |
layanan.malware ScanDetails.threats.count |
layanan.malware ScanDetails.threats.hash |
layanan.malware ScanDetails.threats.itemDetails.additionalInfo.deviceName |
layanan.malware ScanDetails.threats.itemDetails.additionalInfo.versionId |
layanan.malware ScanDetails.threats.itemDetails.hash |
layanan.malware ScanDetails.threats.itemDetails.itemPath |
layanan.malware ScanDetails.threats.itemDetails.resourceArn |
layanan.malware ScanDetails.threats.itemPaths.hash |
layanan.malware ScanDetails.threats.itemPaths.nestedItemPath |
layanan.malware ScanDetails.threats.source |
layanan.malware ScanDetails.uniqueThreatCount |
service.runtime Details.context.addressFamily |
service.runtime Details.context.commandLineExample |
service.runtime Details.context.fileSystemType |
service.runtime Details.context.flags |
service.runtime Details.context.ianaProtocolNumber |
service.runtime Details.context.ldPreloadValue |
service.runtime Details.context.libraryPath |
service.runtime Details.context.memoryRegions |
service.runtime Details.context.modifiedAt |
service.runtime Details.context.modifyingProcess.euid |
service.runtime Details.context.modifyingProcess.executablePath |
service.runtime Details.context.modifyingProcess.executableSha256 |
service.runtime Details.context.modifyingProcess.lineage.euid |
service.runtime Details.context.modifyingProcess.lineage.executablePath |
service.runtime Details.context.modifyingProcess.lineage.name |
service.runtime Details.context.modifyingProcess.lineage.namespacePid |
service.runtime Details.context.modifyingProcess.lineage.parentUuid |
service.runtime Details.context.modifyingProcess.lineage.pid |
service.runtime Details.context.modifyingProcess.lineage.startTime |
service.runtime Details.context.modifyingProcess.lineage.userId |
service.runtime Details.context.modifyingProcess.lineage.uuid |
service.runtime Details.context.modifyingProcess.name |
service.runtime Details.context.modifyingProcess.namespacePid |
service.runtime Details.context.modifyingProcess.parentUuid |
service.runtime Details.context.modifyingProcess.pid |
service.runtime Details.context.modifyingProcess.pwd |
service.runtime Details.context.modifyingProcess.startTime |
service.runtime Details.context.modifyingProcess.user |
service.runtime Details.context.modifyingProcess.userId |
service.runtime Details.context.modifyingProcess.uuid |
service.runtime Details.context.mountSource |
service.runtime Details.context.mountTarget |
service.runtime Details.context.relatedFilePaths |
service.runtime Details.context.releaseAgentPath |
service.runtime Details.context.runcBinaryPath |
service.runtime Details.context.scriptPath |
service.runtime Details.context.serviceName |
service.runtime Details.context.shellHistoryFilePath |
service.runtime Details.context.socketPath |
service.runtime Details.context.targetProcess.euid |
service.runtime Details.context.targetProcess.executablePath |
service.runtime Details.context.targetProcess.executableSha256 |
service.runtime Details.context.targetProcess.lineage.euid |
service.runtime Details.context.targetProcess.lineage.executablePath |
service.runtime Details.context.targetProcess.lineage.name |
service.runtime Details.context.targetProcess.lineage.namespacePid |
service.runtime Details.context.targetProcess.lineage.parentUuid |
service.runtime Details.context.targetProcess.lineage.pid |
service.runtime Details.context.targetProcess.lineage.startTime |
service.runtime Details.context.targetProcess.lineage.userId |
service.runtime Details.context.targetProcess.lineage.uuid |
service.runtime Details.context.targetProcess.name |
service.runtime Details.context.targetProcess.namespacePid |
service.runtime Details.context.targetProcess.parentUuid |
service.runtime Details.context.targetProcess.pid |
service.runtime Details.context.targetProcess.pwd |
service.runtime Details.context.targetProcess.startTime |
service.runtime Details.context.targetProcess.user |
service.runtime Details.context.targetProcess.userId |
service.runtime Details.context.targetProcess.uuid |
service.runtime Details.context.threatFilePath |
service.runtime Details.context.toolCategory |
service.runtime Details.context.toolName |
service.runtime Details.process.euid |
service.runtime Details.process.lineage.euid |
service.runtime Details.process.lineage.executablePath |
service.runtime Details.process.lineage.name |
service.runtime Details.process.lineage.namespacePid |
service.runtime Details.process.lineage.parentUuid |
service.runtime Details.process.lineage.pid |
service.runtime Details.process.lineage.startTime |
service.runtime Details.process.lineage.userId |
service.runtime Details.process.lineage.uuid |
service.runtime Details.process.namespacePid |
service.runtime Details.process.parentUuid |
service.runtime Details.process.pid |
service.runtime Details.process.pwd |
service.runtime Details.process.startTime |
service.runtime Details.process.user |
service.runtime Details.process.userId |
service.runtime Details.process.uuid |
Service.userFeedback |
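The attribute paths in this table are the keys of `FindingCriteria.Criterion` in the CreateFilter API. The following Python example is added here for illustration; it is not AWS code and not part of the original page. It builds a criteria document from three attributes in the table (`service.runtimeDetails.process.user`, `service.additionalInfo.sample`, `service.eventLastSeen`), checks the per-filter limits (1 to 50 attributes, at most 50 values per Equals/NotEquals condition) before the API call, and evaluates the criteria locally against a constructed sample finding so you can see how the dotted paths resolve into the finding JSON, how timestamps in the finding compare against the epoch-millisecond value in the filter, and how attributes AND while the values inside one condition OR. The detector ID, the finding contents, the helper names, and the local matching rules (in particular that `NotEquals` also matches when the attribute is absent) are assumptions; GuardDuty's own evaluation is authoritative.

```python
"""Build a GuardDuty CreateFilter FindingCriteria document and evaluate it locally.

Added example, not AWS code.  Operator names (Equals, NotEquals, GreaterThan,
GreaterThanOrEqual, LessThan, LessThanOrEqual) are those of the CreateFilter API;
the sample finding and identifiers below are constructed."""
import json
from datetime import datetime

MAX_ATTRIBUTES = 50   # attributes allowed in one filter
MAX_VALUES = 50       # values allowed in one Equals / NotEquals condition
NUMERIC_OPS = {
    "GreaterThan": lambda x, b: x > b,
    "GreaterThanOrEqual": lambda x, b: x >= b,
    "LessThan": lambda x, b: x < b,
    "LessThanOrEqual": lambda x, b: x <= b,
}


def epoch_ms(iso_ts: str) -> int:
    """Timestamp attributes (service.eventFirstSeen, service.eventLastSeen, ...) are filtered
    on Unix epoch milliseconds; the finding itself carries ISO 8601 strings ending in 'Z'."""
    return int(datetime.fromisoformat(iso_ts.replace("Z", "+00:00")).timestamp() * 1000)


def validate_criteria(criteria: dict) -> None:
    """Reject criteria that exceed the per-filter limits before they reach the API."""
    criterion = criteria["Criterion"]
    if not 1 <= len(criterion) <= MAX_ATTRIBUTES:
        raise ValueError(f"a filter takes 1..{MAX_ATTRIBUTES} attributes, got {len(criterion)}")
    for attr, cond in criterion.items():
        for op in ("Equals", "NotEquals"):
            if op in cond and len(cond[op]) > MAX_VALUES:
                raise ValueError(f"{attr}.{op}: at most {MAX_VALUES} values")


def root_runtime_criteria(since_iso: str) -> dict:
    """Runtime Monitoring findings whose process ran as root, excluding sample findings,
    last seen at or after since_iso.  Attribute paths are taken from the table above."""
    criteria = {"Criterion": {
        "service.runtimeDetails.process.user": {"Equals": ["root"]},
        "service.additionalInfo.sample": {"NotEquals": ["true"]},
        "service.eventLastSeen": {"GreaterThanOrEqual": epoch_ms(since_iso)},
    }}
    validate_criteria(criteria)
    return criteria


def create_filter_kwargs(detector_id: str, name: str, criteria: dict) -> dict:
    """Keyword arguments for boto3 guardduty.create_filter(**kwargs).  Action NOOP keeps
    matching findings visible; ARCHIVE would make the filter a suppression rule."""
    return {"DetectorId": detector_id, "Name": name, "Action": "NOOP", "FindingCriteria": criteria}


def lookup(finding: dict, path: str) -> list:
    """Resolve a dotted attribute path inside a finding; list nodes on the path are flattened
    so that an attribute under e.g. service.detection.sequence.signals matches on any element."""
    nodes = [finding]
    for part in path.split("."):
        nxt = []
        for node in nodes:
            if isinstance(node, dict) and part in node:
                val = node[part]
                nxt.extend(val if isinstance(val, list) else [val])
        nodes = nxt
    return nodes


def _as_text(v) -> str:
    return str(v).lower() if isinstance(v, bool) else str(v)   # JSON true/false -> "true"/"false"


def _as_number(v):
    if isinstance(v, bool):
        return None
    if isinstance(v, (int, float)):
        return v
    if isinstance(v, str) and v.endswith("Z"):
        try:
            return epoch_ms(v)          # ISO timestamp in the finding vs. epoch ms in the filter
        except ValueError:
            return None
    return None


def matches(finding: dict, criteria: dict) -> bool:
    """Local approximation of the filter semantics: attributes are ANDed, the values inside
    one Equals/NotEquals condition are ORed.  Assumption: NotEquals matches an absent attribute."""
    for attr, cond in criteria["Criterion"].items():
        found = lookup(finding, attr)
        texts = {_as_text(v) for v in found}
        if "Equals" in cond and not texts & set(cond["Equals"]):
            return False
        if "NotEquals" in cond and texts & set(cond["NotEquals"]):
            return False
        numbers = [n for n in map(_as_number, found) if n is not None]
        for op, test in NUMERIC_OPS.items():
            if op in cond and not any(test(n, cond[op]) for n in numbers):
                return False
    return True


# Constructed sample finding (detector ID and values made up); only the fields used above are present.
SAMPLE_FINDING = {
    "type": "Execution:Runtime/NewBinaryExecuted",
    "service": {
        "detectorId": "12abc34d567e8fa901bc2d34e56789f0",
        "eventFirstSeen": "2025-03-01T10:00:00.000Z",
        "eventLastSeen": "2025-03-02T11:30:00.000Z",
        "count": 3,
        "additionalInfo": {"sample": False},
        "runtimeDetails": {"process": {"name": "curl", "user": "root", "userId": 0, "pid": 4242}},
    },
}

if __name__ == "__main__":
    crit = root_runtime_criteria("2025-03-01T00:00:00Z")
    print(json.dumps(create_filter_kwargs("12abc34d567e8fa901bc2d34e56789f0", "root-runtime", crit), indent=2))
    print("matches:", matches(SAMPLE_FINDING, crit))
```

The printed dictionary can be passed unchanged to `boto3.client("guardduty").create_filter(**kwargs)`, or its `FindingCriteria` part written to a file for `aws guardduty create-filter --finding-criteria file://criteria.json`. Keep the local `matches` check as a pre-deployment sanity test of a criteria document, not as a replacement for GuardDuty's evaluation.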