RuntimeContext

Represents the communication protocol associated with the address. For example, the address family AF_INET is used for IP version of 4 protocol.

Represents the type of mounted fileSystem.

Represents options that control the behavior of a runtime operation or action. For example, a filesystem mount operation may contain a read-only flag.

Specifies a particular protocol within the address family. Usually there is a single protocol in address families. For example, the address family AF_INET only has the IP protocol.

The value of the LD_PRELOAD environment variable.

The path to the new library that was loaded.

Specifies the Region of a process's address space such as stack and heap.

The timestamp at which the process modified the current process. The timestamp is in UTC date string format.

Information about the process that modified the current process. This is available for multiple finding types.

The path to the module loaded into the kernel.

The name of the module loaded into the kernel.

The SHA256 hash of the module.

The path on the host that is mounted by the container.

The path in the container that is mapped to the host directory.

The path in the container that modified the release agent file.

The path to the leveraged runc implementation.

The path to the script that was executed.

The path to the modified shell history file.

The path to the docket socket that was accessed.

Information about the process that had its memory overwritten by the current process.