Interface RuntimeContext.Builder

    • Method Detail

      • modifyingProcess

        RuntimeContext.Builder modifyingProcess​(ProcessDetails modifyingProcess)

        Information about the process that modified the current process. This is available for multiple finding types.

        Parameters:
        modifyingProcess - Information about the process that modified the current process. This is available for multiple finding types.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • modifiedAt

        RuntimeContext.Builder modifiedAt​(Instant modifiedAt)

        The timestamp at which the process modified the current process. The timestamp is in UTC date string format.

        Parameters:
        modifiedAt - The timestamp at which the process modified the current process. The timestamp is in UTC date string format.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • scriptPath

        RuntimeContext.Builder scriptPath​(String scriptPath)

        The path to the script that was executed.

        Parameters:
        scriptPath - The path to the script that was executed.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • libraryPath

        RuntimeContext.Builder libraryPath​(String libraryPath)

        The path to the new library that was loaded.

        Parameters:
        libraryPath - The path to the new library that was loaded.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • ldPreloadValue

        RuntimeContext.Builder ldPreloadValue​(String ldPreloadValue)

        The value of the LD_PRELOAD environment variable.

        Parameters:
        ldPreloadValue - The value of the LD_PRELOAD environment variable.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • socketPath

        RuntimeContext.Builder socketPath​(String socketPath)

        The path to the Docker socket that was accessed.

        Parameters:
        socketPath - The path to the Docker socket that was accessed.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • runcBinaryPath

        RuntimeContext.Builder runcBinaryPath​(String runcBinaryPath)

        The path to the leveraged runc implementation.

        Parameters:
        runcBinaryPath - The path to the leveraged runc implementation.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • releaseAgentPath

        RuntimeContext.Builder releaseAgentPath​(String releaseAgentPath)

        The path in the container that modified the release agent file.

        Parameters:
        releaseAgentPath - The path in the container that modified the release agent file.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • mountSource

        RuntimeContext.Builder mountSource​(String mountSource)

        The path on the host that is mounted by the container.

        Parameters:
        mountSource - The path on the host that is mounted by the container.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • mountTarget

        RuntimeContext.Builder mountTarget​(String mountTarget)

        The path in the container that is mapped to the host directory.

        Parameters:
        mountTarget - The path in the container that is mapped to the host directory.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • fileSystemType

        RuntimeContext.Builder fileSystemType​(String fileSystemType)

        Represents the type of mounted file system.

        Parameters:
        fileSystemType - Represents the type of mounted file system.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • flags

        RuntimeContext.Builder flags​(Collection<String> flags)

        Represents options that control the behavior of a runtime operation or action. For example, a filesystem mount operation may contain a read-only flag.

        Parameters:
        flags - Represents options that control the behavior of a runtime operation or action. For example, a filesystem mount operation may contain a read-only flag.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • flags

        RuntimeContext.Builder flags​(String... flags)

        Represents options that control the behavior of a runtime operation or action. For example, a filesystem mount operation may contain a read-only flag.

        Parameters:
        flags - Represents options that control the behavior of a runtime operation or action. For example, a filesystem mount operation may contain a read-only flag.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • moduleName

        RuntimeContext.Builder moduleName​(String moduleName)

        The name of the module loaded into the kernel.

        Parameters:
        moduleName - The name of the module loaded into the kernel.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • moduleFilePath

        RuntimeContext.Builder moduleFilePath​(String moduleFilePath)

        The path to the module loaded into the kernel.

        Parameters:
        moduleFilePath - The path to the module loaded into the kernel.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • moduleSha256

        RuntimeContext.Builder moduleSha256​(String moduleSha256)

        The SHA256 hash of the module.

        Parameters:
        moduleSha256 - The SHA256 hash of the module.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • shellHistoryFilePath

        RuntimeContext.Builder shellHistoryFilePath​(String shellHistoryFilePath)

        The path to the modified shell history file.

        Parameters:
        shellHistoryFilePath - The path to the modified shell history file.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • targetProcess

        RuntimeContext.Builder targetProcess​(ProcessDetails targetProcess)

        Information about the process that had its memory overwritten by the current process.

        Parameters:
        targetProcess - Information about the process that had its memory overwritten by the current process.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • addressFamily

        RuntimeContext.Builder addressFamily​(String addressFamily)

        Represents the communication protocol associated with the address. For example, the address family AF_INET is used for the IP version 4 protocol.

        Parameters:
        addressFamily - Represents the communication protocol associated with the address. For example, the address family AF_INET is used for the IP version 4 protocol.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • ianaProtocolNumber

        RuntimeContext.Builder ianaProtocolNumber​(Integer ianaProtocolNumber)

        Specifies a particular protocol within the address family. Usually there is a single protocol in address families. For example, the address family AF_INET only has the IP protocol.

        Parameters:
        ianaProtocolNumber - Specifies a particular protocol within the address family. Usually there is a single protocol in address families. For example, the address family AF_INET only has the IP protocol.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • memoryRegions

        RuntimeContext.Builder memoryRegions​(Collection<String> memoryRegions)

        Specifies the region of a process's address space, such as stack and heap.

        Parameters:
        memoryRegions - Specifies the region of a process's address space, such as stack and heap.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • memoryRegions

        RuntimeContext.Builder memoryRegions​(String... memoryRegions)

        Specifies the region of a process's address space, such as stack and heap.

        Parameters:
        memoryRegions - Specifies the region of a process's address space, such as stack and heap.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • toolName

        RuntimeContext.Builder toolName​(String toolName)

        Name of the potentially suspicious tool.

        Parameters:
        toolName - Name of the potentially suspicious tool.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • toolCategory

        RuntimeContext.Builder toolCategory​(String toolCategory)

        Category that the tool belongs to. Examples include Backdoor Tool, Pentest Tool, Network Scanner, and Network Sniffer.

        Parameters:
        toolCategory - Category that the tool belongs to. Examples include Backdoor Tool, Pentest Tool, Network Scanner, and Network Sniffer.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • serviceName

        RuntimeContext.Builder serviceName​(String serviceName)

        Name of the security service that has been potentially disabled.

        Parameters:
        serviceName - Name of the security service that has been potentially disabled.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • commandLineExample

        RuntimeContext.Builder commandLineExample​(String commandLineExample)

        Example of the command line involved in the suspicious activity.

        Parameters:
        commandLineExample - Example of the command line involved in the suspicious activity.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • threatFilePath

        RuntimeContext.Builder threatFilePath​(String threatFilePath)

        The suspicious file path for which the threat intelligence details were found.

        Parameters:
        threatFilePath - The suspicious file path for which the threat intelligence details were found.
        Returns:
        Returns a reference to this object so that method calls can be chained together.