Process Data

Process data contains all attributes of a process that was flagged by Sandfly Security or by the user for any reason. It contains not only process-specific information, but also information about the binary associated with the process, if that binary is available. The binary information mirrors what is available under the File Data type.

{
    "name": "",
    "extension": "",
    "cmdline": "",
    "command": "",
    "date": {
        "created": "",
        "created_minutes": 0
    },
    "pid": 0,
    "ppid": 0,
    "pgid": 0,
    "uid": 0,
    "uid_name": "",
    "gid": 0,
    "gid_name": "",
    "path": "",
    "cwd": "",
    "entropy": 0,
    "state": "",
    "system_uptime": "",
    "flags": {
        "deleted": false,
        "immutable": false,
        "containerized": false,
        "hidden": false
    },
    "file_descriptors": null,
    "environ": null,
    "maps": null,
    "stack": null,
    "cgroup": null,
    "container": {
        "id": "",
        "id_short": "",
        "upperdir": "",
        "workingdir": ""
    },
    "network_ports": {
        "operating": false,
        "established": false,
        "established_num": 0,
        "listening": false,
        "listening_num": 0,
        "tcp": {
            "operating": false,
            "listening": false,
            "listening_num": 0,
            "established": false,
            "established_num": 0,
            "connections": null
        },
        "tcp6": {
            "operating": false,
            "listening": false,
            "listening_num": 0,
            "established": false,
            "established_num": 0,
            "connections": null
        },
        "udp": {
            "operating": false,
            "listening": false,
            "listening_num": 0,
            "established": false,
            "established_num": 0,
            "connections": null
        },
        "udp6": {
            "operating": false,
            "listening": false,
            "listening_num": 0,
            "established": false,
            "established_num": 0,
            "connections": null
        },
        "icmp": {
            "operating": false,
            "listening": false,
            "listening_num": 0,
            "established": false,
            "established_num": 0,
            "connections": null
        },
        "icmp6": {
            "operating": false,
            "listening": false,
            "listening_num": 0,
            "established": false,
            "established_num": 0,
            "connections": null
        },
        "raw": {
            "operating": false,
            "listening": false,
            "listening_num": 0,
            "established": false,
            "established_num": 0,
            "connections": null
        },
        "raw6": {
            "operating": false,
            "listening": false,
            "listening_num": 0,
            "established": false,
            "established_num": 0,
            "connections": null
        },
        "sctp": {
            "operating": false,
            "listening": false,
            "listening_num": 0,
            "established": false,
            "established_num": 0,
            "connections": null
        }
    },
    "hash": {
        "md5": "",
        "sha1": "",
        "sha256": "",
        "sha512": ""
    },
    "binary": {
        "date": {
            "created": "",
            "created_minutes": 0,
            "modified": "",
            "modified_minutes": 0,
            "accessed": "",
            "accessed_minutes": 0
        },
        "inode": 0,
        "device": 0,
        "rdevice": 0,
        "nlink": 0,
        "mode": "",
        "uid": 0,
        "uid_name": "",
        "gid": 0,
        "gid_name": "",
        "size": 0,
        "size_byte_count": 0,
        "size_mismatch": false,
        "blksize": 0,
        "blocks": 0,
        "path": "",
        "path_root": "",
        "path_link": "",
        "name": "",
        "extension": "",
        "flags": {
            "directory": false,
            "regular": false,
            "link": false,
            "suid": false,
            "suid_root": false,
            "sgid": false,
            "sgid_root": false,
            "socket": false,
            "device": false,
            "char_device": false,
            "named_pipe": false,
            "sticky": false,
            "immutable": false,
            "hidden": false,
            "deleted": false
        },
        "entropy": 0,
        "hash": {
            "md5": "",
            "sha1": "",
            "sha256": "",
            "sha512": ""
        },
        "magic_num": {
            "hex": "",
            "text": "",
            "type": "",
            "class": "",
            "expected_extensions": null
        },
        "data": null
    }
}
