software.amazon.awssdk.services.guardduty.model

Class RuntimeContext

java.lang.Object

software.amazon.awssdk.services.guardduty.model.RuntimeContext

All Implemented Interfaces:

Serializable, SdkPojo, ToCopyableBuilder<RuntimeContext.Builder,RuntimeContext>

@Generated(value="software.amazon.awssdk:codegen")
public final class RuntimeContext
extends Object
implements SdkPojo, Serializable, ToCopyableBuilder<RuntimeContext.Builder,RuntimeContext>

Additional information about the suspicious activity.

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static interface	RuntimeContext.Builder

Method Summary

Modifier and Type	Method and Description
String	addressFamily() Represents the communication protocol associated with the address.
static RuntimeContext.Builder	builder()
boolean	equals(Object obj)
boolean	equalsBySdkFields(Object obj)
String	fileSystemType() Represents the type of mounted fileSystem.
List<String>	flags() Represents options that control the behavior of a runtime operation or action.
<T> Optional<T>	getValueForField(String fieldName, Class<T> clazz)
boolean	hasFlags() For responses, this returns true if the service returned a value for the Flags property.
int	hashCode()
boolean	hasMemoryRegions() For responses, this returns true if the service returned a value for the MemoryRegions property.
Integer	ianaProtocolNumber() Specifies a particular protocol within the address family.
String	ldPreloadValue() The value of the LD_PRELOAD environment variable.
String	libraryPath() The path to the new library that was loaded.
List<String>	memoryRegions() Specifies the Region of a process's address space such as stack and heap.
Instant	modifiedAt() The timestamp at which the process modified the current process.
ProcessDetails	modifyingProcess() Information about the process that modified the current process.
String	moduleFilePath() The path to the module loaded into the kernel.
String	moduleName() The name of the module loaded into the kernel.
String	moduleSha256() The SHA256 hash of the module.
String	mountSource() The path on the host that is mounted by the container.
String	mountTarget() The path in the container that is mapped to the host directory.
String	releaseAgentPath() The path in the container that modified the release agent file.
String	runcBinaryPath() The path to the leveraged runc implementation.
String	scriptPath() The path to the script that was executed.
List<SdkField<?>>	sdkFields()
static Class<? extends RuntimeContext.Builder>	serializableBuilderClass()
String	shellHistoryFilePath() The path to the modified shell history file.
String	socketPath() The path to the docket socket that was accessed.
ProcessDetails	targetProcess() Information about the process that had its memory overwritten by the current process.
RuntimeContext.Builder	toBuilder()
String	toString() Returns a string representation of this object.

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.awssdk.utils.builder.ToCopyableBuilder

copy

Method Detail

modifyingProcess

public final ProcessDetails modifyingProcess()

Information about the process that modified the current process. This is available for multiple finding types.

Returns:

Information about the process that modified the current process. This is available for multiple finding types.

modifiedAt

public final Instant modifiedAt()

The timestamp at which the process modified the current process. The timestamp is in UTC date string format.

Returns:

The timestamp at which the process modified the current process. The timestamp is in UTC date string format.

scriptPath

public final String scriptPath()

The path to the script that was executed.

Returns:

The path to the script that was executed.

libraryPath

public final String libraryPath()

The path to the new library that was loaded.

Returns:

The path to the new library that was loaded.

ldPreloadValue

public final String ldPreloadValue()

The value of the LD_PRELOAD environment variable.

Returns:

The value of the LD_PRELOAD environment variable.

socketPath

public final String socketPath()

The path to the docket socket that was accessed.

Returns:

The path to the docket socket that was accessed.

runcBinaryPath

public final String runcBinaryPath()

The path to the leveraged runc implementation.

Returns:

The path to the leveraged runc implementation.

releaseAgentPath

public final String releaseAgentPath()

The path in the container that modified the release agent file.

Returns:

The path in the container that modified the release agent file.

mountSource

public final String mountSource()

The path on the host that is mounted by the container.

Returns:

The path on the host that is mounted by the container.

mountTarget

public final String mountTarget()

The path in the container that is mapped to the host directory.

Returns:

The path in the container that is mapped to the host directory.

fileSystemType

public final String fileSystemType()

Represents the type of mounted fileSystem.

Returns:

Represents the type of mounted fileSystem.

hasFlags

public final boolean hasFlags()

For responses, this returns true if the service returned a value for the Flags property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

flags

public final List<String> flags()

Represents options that control the behavior of a runtime operation or action. For example, a filesystem mount operation may contain a read-only flag.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasFlags() method.

Returns:

Represents options that control the behavior of a runtime operation or action. For example, a filesystem mount operation may contain a read-only flag.

moduleName

public final String moduleName()

The name of the module loaded into the kernel.

Returns:

The name of the module loaded into the kernel.

moduleFilePath

public final String moduleFilePath()

The path to the module loaded into the kernel.

Returns:

The path to the module loaded into the kernel.

moduleSha256

public final String moduleSha256()

The SHA256 hash of the module.

Returns:

The SHA256 hash of the module.

shellHistoryFilePath

public final String shellHistoryFilePath()

The path to the modified shell history file.

Returns:

The path to the modified shell history file.

targetProcess

public final ProcessDetails targetProcess()

Information about the process that had its memory overwritten by the current process.

Returns:

Information about the process that had its memory overwritten by the current process.

addressFamily

public final String addressFamily()

Represents the communication protocol associated with the address. For example, the address family AF_INET is used for IP version of 4 protocol.

Returns:

Represents the communication protocol associated with the address. For example, the address family AF_INET is used for IP version of 4 protocol.

ianaProtocolNumber

public final Integer ianaProtocolNumber()

Specifies a particular protocol within the address family. Usually there is a single protocol in address families. For example, the address family AF_INET only has the IP protocol.

Returns:

Specifies a particular protocol within the address family. Usually there is a single protocol in address families. For example, the address family AF_INET only has the IP protocol.

hasMemoryRegions

public final boolean hasMemoryRegions()

For responses, this returns true if the service returned a value for the MemoryRegions property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

memoryRegions

public final List<String> memoryRegions()

Specifies the Region of a process's address space such as stack and heap.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasMemoryRegions() method.

Returns:

Specifies the Region of a process's address space such as stack and heap.

toBuilder

public RuntimeContext.Builder toBuilder()

Specified by:

toBuilder in interface ToCopyableBuilder<RuntimeContext.Builder,RuntimeContext>

builder

public static RuntimeContext.Builder builder()

serializableBuilderClass

public static Class<? extends RuntimeContext.Builder> serializableBuilderClass()

hashCode

public final int hashCode()

Overrides:

hashCode in class Object

equals

public final boolean equals(Object obj)

Overrides:

equals in class Object

equalsBySdkFields

public final boolean equalsBySdkFields(Object obj)

Specified by:

equalsBySdkFields in interface SdkPojo

toString

public final String toString()

Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.

Overrides:

toString in class Object

getValueForField

public final <T> Optional<T> getValueForField(String fieldName,
                                              Class<T> clazz)

sdkFields

public final List<SdkField<?>> sdkFields()

Specified by:

sdkFields in interface SdkPojo