Class RuntimeContext

java.lang.Object
software.amazon.awssdk.services.guardduty.model.RuntimeContext
All Implemented Interfaces:
Serializable, SdkPojo, ToCopyableBuilder<RuntimeContext.Builder,RuntimeContext>
@Generated("software.amazon.awssdk:codegen") public final class RuntimeContext extends Object implements SdkPojo, Serializable, ToCopyableBuilder<RuntimeContext.Builder,RuntimeContext>

Additional information about the suspicious activity.

See Also:

  • Method Details

    • modifyingProcess

      public final ProcessDetails modifyingProcess()

      Information about the process that modified the current process. This is available for multiple finding types.

      Returns:
      Information about the process that modified the current process. This is available for multiple finding types.

    • modifiedAt

      public final Instant modifiedAt()

      The timestamp at which the process modified the current process. The timestamp is in UTC date string format.

      Returns:
      The timestamp at which the process modified the current process. The timestamp is in UTC date string format.

    • scriptPath

      public final String scriptPath()

      The path to the script that was executed.

      Returns:
      The path to the script that was executed.

    • libraryPath

      public final String libraryPath()

      The path to the new library that was loaded.

      Returns:
      The path to the new library that was loaded.

    • ldPreloadValue

      public final String ldPreloadValue()

      The value of the LD_PRELOAD environment variable.

      Returns:
      The value of the LD_PRELOAD environment variable.

    • socketPath

      public final String socketPath()

      The path to the docket socket that was accessed.

      Returns:
      The path to the docket socket that was accessed.

    • runcBinaryPath

      public final String runcBinaryPath()

      The path to the leveraged runc implementation.

      Returns:
      The path to the leveraged runc implementation.

    • releaseAgentPath

      public final String releaseAgentPath()

      The path in the container that modified the release agent file.

      Returns:
      The path in the container that modified the release agent file.

    • mountSource

      public final String mountSource()

      The path on the host that is mounted by the container.

      Returns:
      The path on the host that is mounted by the container.

    • mountTarget

      public final String mountTarget()

      The path in the container that is mapped to the host directory.

      Returns:
      The path in the container that is mapped to the host directory.

    • fileSystemType

      public final String fileSystemType()

      Represents the type of mounted fileSystem.

      Returns:
      Represents the type of mounted fileSystem.

    • hasFlags

      public final boolean hasFlags()
      For responses, this returns true if the service returned a value for the Flags property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

    • flags

      public final List<String> flags()

      Represents options that control the behavior of a runtime operation or action. For example, a filesystem mount operation may contain a read-only flag.

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasFlags() method.

      Returns:
      Represents options that control the behavior of a runtime operation or action. For example, a filesystem mount operation may contain a read-only flag.

    • moduleName

      public final String moduleName()

      The name of the module loaded into the kernel.

      Returns:
      The name of the module loaded into the kernel.

    • moduleFilePath

      public final String moduleFilePath()

      The path to the module loaded into the kernel.

      Returns:
      The path to the module loaded into the kernel.

    • moduleSha256

      public final String moduleSha256()

      The SHA256 hash of the module.

      Returns:
      The SHA256 hash of the module.

    • shellHistoryFilePath

      public final String shellHistoryFilePath()

      The path to the modified shell history file.

      Returns:
      The path to the modified shell history file.

    • targetProcess

      public final ProcessDetails targetProcess()

      Information about the process that had its memory overwritten by the current process.

      Returns:
      Information about the process that had its memory overwritten by the current process.

    • addressFamily

      public final String addressFamily()

      Represents the communication protocol associated with the address. For example, the address family AF_INET is used for IP version of 4 protocol.

      Returns:
      Represents the communication protocol associated with the address. For example, the address family AF_INET is used for IP version of 4 protocol.

    • ianaProtocolNumber

      public final Integer ianaProtocolNumber()

      Specifies a particular protocol within the address family. Usually there is a single protocol in address families. For example, the address family AF_INET only has the IP protocol.

      Returns:
      Specifies a particular protocol within the address family. Usually there is a single protocol in address families. For example, the address family AF_INET only has the IP protocol.

    • hasMemoryRegions

      public final boolean hasMemoryRegions()
      For responses, this returns true if the service returned a value for the MemoryRegions property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

    • memoryRegions

      public final List<String> memoryRegions()

      Specifies the Region of a process's address space such as stack and heap.

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasMemoryRegions() method.

      Returns:
      Specifies the Region of a process's address space such as stack and heap.

    • toolName

      public final String toolName()

      Name of the potentially suspicious tool.

      Returns:
      Name of the potentially suspicious tool.

    • toolCategory

      public final String toolCategory()

      Category that the tool belongs to. Some of the examples are Backdoor Tool, Pentest Tool, Network Scanner, and Network Sniffer.

      Returns:
      Category that the tool belongs to. Some of the examples are Backdoor Tool, Pentest Tool, Network Scanner, and Network Sniffer.

    • serviceName

      public final String serviceName()

      Name of the security service that has been potentially disabled.

      Returns:
      Name of the security service that has been potentially disabled.

    • commandLineExample

      public final String commandLineExample()

      Example of the command line involved in the suspicious activity.

      Returns:
      Example of the command line involved in the suspicious activity.

    • threatFilePath

      public final String threatFilePath()

      The suspicious file path for which the threat intelligence details were found.

      Returns:
      The suspicious file path for which the threat intelligence details were found.

    • toBuilder

      public RuntimeContext.Builder toBuilder()
      Description copied from interface: ToCopyableBuilder
      Take this object and create a builder that contains all of the current property values of this object.
      Specified by:
      toBuilder in interface ToCopyableBuilder<RuntimeContext.Builder,RuntimeContext>
      Returns:
      a builder for type T

    • builder

      public static RuntimeContext.Builder builder()

    • serializableBuilderClass

      public static Class<? extends RuntimeContext.Builder> serializableBuilderClass()

    • hashCode

      public final int hashCode()
      Overrides:
      hashCode in class Object

    • equals

      public final boolean equals(Object obj)
      Overrides:
      equals in class Object

    • equalsBySdkFields

      public final boolean equalsBySdkFields(Object obj)
      Description copied from interface: SdkPojo
      Indicates whether some other object is "equal to" this one by SDK fields. An SDK field is a modeled, non-inherited field in an SdkPojo class, and is generated based on a service model.

      If an SdkPojo class does not have any inherited fields, equalsBySdkFields and equals are essentially the same.

      Specified by:
      equalsBySdkFields in interface SdkPojo
      Parameters:
      obj - the object to be compared with
      Returns:
      true if the other object equals to this object by sdk fields, false otherwise.

    • toString

      public final String toString()
      Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.
      Overrides:
      toString in class Object

    • getValueForField

      public final <T> Optional<T> getValueForField(String fieldName, Class<T> clazz)

    • sdkFields

      public final List<SdkField<?>> sdkFields()
      Specified by:
      sdkFields in interface SdkPojo
      Returns:
      List of SdkField in this POJO. May be empty list but should never be null.