/AWS1/CL_GDYPROCESSDETAILS

Information about the observed process.

CONSTRUCTOR

IMPORTING

Optional arguments:

iv_name TYPE /AWS1/GDYSTRING

The name of the process.

iv_executablepath TYPE /AWS1/GDYSTRING

The absolute path of the process executable file.

iv_executablesha256 TYPE /AWS1/GDYSTRING

The SHA256 hash of the process executable.

iv_namespacepid TYPE /AWS1/GDYINTEGER

The ID of the child process.

iv_pwd TYPE /AWS1/GDYSTRING

The present working directory of the process.

iv_pid TYPE /AWS1/GDYINTEGER

The ID of the process.

iv_starttime TYPE /AWS1/GDYTIMESTAMP

The time when the process started. This is in UTC format.

iv_uuid TYPE /AWS1/GDYSTRING

The unique ID assigned to the process by GuardDuty.

iv_parentuuid TYPE /AWS1/GDYSTRING

The unique ID of the parent process. This ID is assigned to the parent process by GuardDuty.

iv_user TYPE /AWS1/GDYSTRING

The user that executed the process.

iv_userid TYPE /AWS1/GDYINTEGER

The unique ID of the user that executed the process.

iv_euid TYPE /AWS1/GDYINTEGER

The effective user ID of the user that executed the process.

it_lineage TYPE /AWS1/CL_GDYLINEAGEOBJECT=>TT_LINEAGE

Information about the process's lineage.


Queryable Attributes

Name

The name of the process.

Accessible with the following methods

Method Description
GET_NAME() Getter for NAME, with configurable default
ASK_NAME() Getter for NAME w/ exceptions if field has no value
HAS_NAME() Determine if NAME has a value

ExecutablePath

The absolute path of the process executable file.

Accessible with the following methods

Method Description
GET_EXECUTABLEPATH() Getter for EXECUTABLEPATH, with configurable default
ASK_EXECUTABLEPATH() Getter for EXECUTABLEPATH w/ exceptions if field has no value
HAS_EXECUTABLEPATH() Determine if EXECUTABLEPATH has a value

ExecutableSha256

The SHA256 hash of the process executable.

Accessible with the following methods

Method Description
GET_EXECUTABLESHA256() Getter for EXECUTABLESHA256, with configurable default
ASK_EXECUTABLESHA256() Getter for EXECUTABLESHA256 w/ exceptions if field has no value
HAS_EXECUTABLESHA256() Determine if EXECUTABLESHA256 has a value

NamespacePid

The ID of the child process.

Accessible with the following methods

Method Description
GET_NAMESPACEPID() Getter for NAMESPACEPID, with configurable default
ASK_NAMESPACEPID() Getter for NAMESPACEPID w/ exceptions if field has no value
HAS_NAMESPACEPID() Determine if NAMESPACEPID has a value

Pwd

The present working directory of the process.

Accessible with the following methods

Method Description
GET_PWD() Getter for PWD, with configurable default
ASK_PWD() Getter for PWD w/ exceptions if field has no value
HAS_PWD() Determine if PWD has a value

Pid

The ID of the process.

Accessible with the following methods

Method Description
GET_PID() Getter for PID, with configurable default
ASK_PID() Getter for PID w/ exceptions if field has no value
HAS_PID() Determine if PID has a value

StartTime

The time when the process started. This is in UTC format.

Accessible with the following methods

Method Description
GET_STARTTIME() Getter for STARTTIME, with configurable default
ASK_STARTTIME() Getter for STARTTIME w/ exceptions if field has no value
HAS_STARTTIME() Determine if STARTTIME has a value

Uuid

The unique ID assigned to the process by GuardDuty.

Accessible with the following methods

Method Description
GET_UUID() Getter for UUID, with configurable default
ASK_UUID() Getter for UUID w/ exceptions if field has no value
HAS_UUID() Determine if UUID has a value

ParentUuid

The unique ID of the parent process. This ID is assigned to the parent process by GuardDuty.

Accessible with the following methods

Method Description
GET_PARENTUUID() Getter for PARENTUUID, with configurable default
ASK_PARENTUUID() Getter for PARENTUUID w/ exceptions if field has no value
HAS_PARENTUUID() Determine if PARENTUUID has a value

User

The user that executed the process.

Accessible with the following methods

Method Description
GET_USER() Getter for USER, with configurable default
ASK_USER() Getter for USER w/ exceptions if field has no value
HAS_USER() Determine if USER has a value

UserId

The unique ID of the user that executed the process.

Accessible with the following methods

Method Description
GET_USERID() Getter for USERID, with configurable default
ASK_USERID() Getter for USERID w/ exceptions if field has no value
HAS_USERID() Determine if USERID has a value

Euid

The effective user ID of the user that executed the process.

Accessible with the following methods

Method Description
GET_EUID() Getter for EUID, with configurable default
ASK_EUID() Getter for EUID w/ exceptions if field has no value
HAS_EUID() Determine if EUID has a value

Lineage

Information about the process's lineage.

Accessible with the following methods

Method Description
GET_LINEAGE() Getter for LINEAGE, with configurable default
ASK_LINEAGE() Getter for LINEAGE w/ exceptions if field has no value
HAS_LINEAGE() Determine if LINEAGE has a value
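
Added example, not part of the SDK reference: a triage check that uses the HAS_ methods before the GET_ methods, so an absent UserId or Euid is never read as a value (on Linux, an effective user ID of 0 is root). The report name and all sample values are constructed for illustration; in practice the object comes from a GuardDuty finding.

```abap
REPORT z_gdy_process_triage. " hypothetical report name

" Constructed sample: a shell started by uid 1000 that runs with euid 0.
DATA(lo_proc) = NEW /aws1/cl_gdyprocessdetails(
  iv_name           = `sh`
  iv_executablepath = `/tmp/sh`
  iv_pwd            = `/tmp`
  iv_pid            = 4242
  iv_userid         = 1000
  iv_euid           = 0 ).

DATA lt_notes TYPE string_table.

" Compare the real and effective user IDs only when both are present.
IF lo_proc->has_userid( ) = abap_true AND lo_proc->has_euid( ) = abap_true.
  IF lo_proc->get_euid( ) = 0 AND lo_proc->get_userid( ) <> 0.
    APPEND |Euid 0 with UserId { lo_proc->get_userid( ) }: runs with root privileges|
      TO lt_notes.
  ENDIF.
ELSE.
  APPEND `UserId or Euid missing: privilege comparison skipped` TO lt_notes.
ENDIF.

" Without a hash the executable cannot be matched against an allowlist.
IF lo_proc->has_executablesha256( ) = abap_false.
  APPEND `ExecutableSha256 missing: hash allowlist check not possible` TO lt_notes.
ENDIF.

" Without ParentUuid or Lineage the process cannot be tied to its ancestors.
IF lo_proc->has_parentuuid( ) = abap_false AND lo_proc->has_lineage( ) = abap_false.
  APPEND `ParentUuid and Lineage missing: ancestry unknown` TO lt_notes.
ENDIF.

" Identify the process in the output only from fields that are set.
IF lo_proc->has_executablepath( ) = abap_true AND lo_proc->has_pid( ) = abap_true.
  WRITE: / |Process { lo_proc->get_executablepath( ) } (Pid { lo_proc->get_pid( ) })|.
ENDIF.

LOOP AT lt_notes INTO DATA(lv_note).
  WRITE: / lv_note.
ENDLOOP.
```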