Amazon GuardDuty · Schema
ProcessDetails
Information about the observed process.
Anomaly DetectionComplianceMachine LearningMonitoringSecurityThreat Detection
Properties
| Name | Type | Description |
|---|---|---|
| Name | object | |
| ExecutablePath | object | |
| ExecutableSha256 | object | |
| NamespacePid | object | |
| Pwd | object | |
| Pid | object | |
| StartTime | object | |
| Uuid | object | |
| ParentUuid | object | |
| User | object | |
| UserId | object | |
| Euid | object | |
| Lineage | object |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://raw.githubusercontent.com/api-evangelist/amazon-guardduty/refs/heads/main/json-schema/guardduty-process-details-schema.json",
"title": "ProcessDetails",
"description": "Information about the observed process.",
"type": "object",
"properties": {
"Name": {
"allOf": [
{
"$ref": "#/components/schemas/String"
},
{
"xml": {
"name": "name"
},
"description": "The name of the process."
}
]
},
"ExecutablePath": {
"allOf": [
{
"$ref": "#/components/schemas/String"
},
{
"xml": {
"name": "executablePath"
},
"description": "The absolute path of the process executable file."
}
]
},
"ExecutableSha256": {
"allOf": [
{
"$ref": "#/components/schemas/String"
},
{
"xml": {
"name": "executableSha256"
},
"description": "The <code>SHA256</code> hash of the process executable."
}
]
},
"NamespacePid": {
"allOf": [
{
"$ref": "#/components/schemas/Integer"
},
{
"xml": {
"name": "namespacePid"
},
"description": "The ID of the child process."
}
]
},
"Pwd": {
"allOf": [
{
"$ref": "#/components/schemas/String"
},
{
"xml": {
"name": "pwd"
},
"description": "The present working directory of the process."
}
]
},
"Pid": {
"allOf": [
{
"$ref": "#/components/schemas/Integer"
},
{
"xml": {
"name": "pid"
},
"description": "The ID of the process."
}
]
},
"StartTime": {
"allOf": [
{
"$ref": "#/components/schemas/Timestamp"
},
{
"xml": {
"name": "startTime"
},
"description": "The time when the process started. This is in UTC format."
}
]
},
"Uuid": {
"allOf": [
{
"$ref": "#/components/schemas/String"
},
{
"xml": {
"name": "uuid"
},
"description": "The unique ID assigned to the process by GuardDuty."
}
]
},
"ParentUuid": {
"allOf": [
{
"$ref": "#/components/schemas/String"
},
{
"xml": {
"name": "parentUuid"
},
"description": "The unique ID of the parent process. This ID is assigned to the parent process by GuardDuty."
}
]
},
"User": {
"allOf": [
{
"$ref": "#/components/schemas/String"
},
{
"xml": {
"name": "user"
},
"description": "The user that executed the process."
}
]
},
"UserId": {
"allOf": [
{
"$ref": "#/components/schemas/Integer"
},
{
"xml": {
"name": "userId"
},
"description": "The unique ID of the user that executed the process."
}
]
},
"Euid": {
"allOf": [
{
"$ref": "#/components/schemas/Integer"
},
{
"xml": {
"name": "euid"
},
"description": "The effective user ID of the user that executed the process."
}
]
},
"Lineage": {
"allOf": [
{
"$ref": "#/components/schemas/Lineage"
},
{
"xml": {
"name": "lineage"
},
"description": "Information about the process's lineage."
}
]
}
}
}