Package security.whisper.javastix.coo.extension.types

Class WindowsProcessExtension

java.lang.Object
security.whisper.javastix.coo.extension.types.WindowsProcessExtension
All Implemented Interfaces:
Serializable, StixCustomProperties, CyberObservableExtension, CyberObservableExtensionCommonProperties, WindowsProcessExtensionExt, GenericValidation, SdoDefaultValidator
@ParametersAreNonnullByDefault @Generated("org.immutables.processor.ProxyProcessor") @Immutable @CheckReturnValue @AllowedParents(ProcessCoo.class) public final class WindowsProcessExtension extends Object implements WindowsProcessExtensionExt, Serializable
The Windows Process extension specifies a default extension for capturing properties specific to Windows processes.
See Also:

  • Method Details

    • isAslrEnabled

      @JsonPropertyDescription("Specifies whether Address Space Layout Randomization (ASLR) is enabled for the process.") public Optional<Boolean> isAslrEnabled()
      Specified by:
      isAslrEnabled in interface WindowsProcessExtensionExt
      Returns:
      The value of the isAslrEnabled attribute

    • isDepEnabled

      @JsonPropertyDescription("Specifies whether Data Execution Prevention (DEP) is enabled for the process.") public Optional<Boolean> isDepEnabled()
      Specified by:
      isDepEnabled in interface WindowsProcessExtensionExt
      Returns:
      The value of the isDepEnabled attribute

    • getPriority

      @JsonPropertyDescription("Specifies the current priority class of the process in Windows.") public Optional<String> getPriority()
      Specified by:
      getPriority in interface WindowsProcessExtensionExt
      Returns:
      The value of the priority attribute

    • getOwnerSid

      @JsonPropertyDescription("Specifies the Security ID (SID) value of the owner of the process.") public Optional<String> getOwnerSid()
      Specified by:
      getOwnerSid in interface WindowsProcessExtensionExt
      Returns:
      The value of the ownerSid attribute

    • getWindowTitle

      @JsonPropertyDescription("Specifies the title of the main window of the process.") public Optional<String> getWindowTitle()
      Specified by:
      getWindowTitle in interface WindowsProcessExtensionExt
      Returns:
      The value of the windowTitle attribute

    • getStartupInfo

      @JsonPropertyDescription("Specifies the STARTUP_INFO struct used by the process, as a dictionary.") public com.google.common.collect.ImmutableMap<String,String> getStartupInfo()
      Specified by:
      getStartupInfo in interface WindowsProcessExtensionExt
      Returns:
      The value of the startupInfo attribute

    • getType

      public String getType()
      This property is used for generation of the dictionary during serialization, and used as the "Type" mapping value for polymorphic when deserializing.
      Specified by:
      getType in interface CyberObservableExtensionCommonProperties

    • getCustomProperties

      public com.google.common.collect.ImmutableMap<String,Object> getCustomProperties()
      Custom Properties for STIX Objects. Any object that supports custom properties will have a validation of the custom property prefix (typically "x_"). If the additional property in the JSON does not meet the StartsWith condition, then the JSON will be rejected.
      Specified by:
      getCustomProperties in interface StixCustomProperties
      Returns:
      Map of custom properties Map<String, Object>

    • withIsAslrEnabled

      public final WindowsProcessExtension withIsAslrEnabled(boolean value)
      Copy the current immutable object by setting a present value for the optional isAslrEnabled attribute.
      Parameters:
      value - The value for isAslrEnabled
      Returns:
      A modified copy of this object

    • withIsAslrEnabled

      public final WindowsProcessExtension withIsAslrEnabled(Optional<Boolean> optional)
      Copy the current immutable object by setting an optional value for the isAslrEnabled attribute. An equality check is used on inner nullable value to prevent copying of the same value by returning this.
      Parameters:
      optional - A value for isAslrEnabled
      Returns:
      A modified copy of this object

    • withIsDepEnabled

      public final WindowsProcessExtension withIsDepEnabled(boolean value)
      Copy the current immutable object by setting a present value for the optional isDepEnabled attribute.
      Parameters:
      value - The value for isDepEnabled
      Returns:
      A modified copy of this object

    • withIsDepEnabled

      public final WindowsProcessExtension withIsDepEnabled(Optional<Boolean> optional)
      Copy the current immutable object by setting an optional value for the isDepEnabled attribute. An equality check is used on inner nullable value to prevent copying of the same value by returning this.
      Parameters:
      optional - A value for isDepEnabled
      Returns:
      A modified copy of this object

    • withPriority

      public final WindowsProcessExtension withPriority(String value)
      Copy the current immutable object by setting a present value for the optional priority attribute.
      Parameters:
      value - The value for priority
      Returns:
      A modified copy of this object

    • withPriority

      public final WindowsProcessExtension withPriority(Optional<String> optional)
      Copy the current immutable object by setting an optional value for the priority attribute. An equality check is used on inner nullable value to prevent copying of the same value by returning this.
      Parameters:
      optional - A value for priority
      Returns:
      A modified copy of this object

    • withOwnerSid

      public final WindowsProcessExtension withOwnerSid(String value)
      Copy the current immutable object by setting a present value for the optional ownerSid attribute.
      Parameters:
      value - The value for ownerSid
      Returns:
      A modified copy of this object

    • withOwnerSid

      public final WindowsProcessExtension withOwnerSid(Optional<String> optional)
      Copy the current immutable object by setting an optional value for the ownerSid attribute. An equality check is used on inner nullable value to prevent copying of the same value by returning this.
      Parameters:
      optional - A value for ownerSid
      Returns:
      A modified copy of this object

    • withWindowTitle

      public final WindowsProcessExtension withWindowTitle(String value)
      Copy the current immutable object by setting a present value for the optional windowTitle attribute.
      Parameters:
      value - The value for windowTitle
      Returns:
      A modified copy of this object

    • withWindowTitle

      public final WindowsProcessExtension withWindowTitle(Optional<String> optional)
      Copy the current immutable object by setting an optional value for the windowTitle attribute. An equality check is used on inner nullable value to prevent copying of the same value by returning this.
      Parameters:
      optional - A value for windowTitle
      Returns:
      A modified copy of this object

    • withStartupInfo

      public final WindowsProcessExtension withStartupInfo(Map<String,? extends String> entries)
      Copy the current immutable object by replacing the startupInfo map with the specified map. Nulls are not permitted as keys or values. A shallow reference equality check is used to prevent copying of the same value by returning this.
      Parameters:
      entries - The entries to be added to the startupInfo map
      Returns:
      A modified copy of this object

    • withType

      public final WindowsProcessExtension withType(String value)
      Copy the current immutable object by setting a value for the type attribute. An equals check used to prevent copying of the same value by returning this.
      Parameters:
      value - A new value for type (can be null)
      Returns:
      A modified copy of the this object

    • withCustomProperties

      public final WindowsProcessExtension withCustomProperties(Map<String,? extends Object> entries)
      Copy the current immutable object by replacing the customProperties map with the specified map. Nulls are not permitted as keys or values. A shallow reference equality check is used to prevent copying of the same value by returning this.
      Parameters:
      entries - The entries to be added to the customProperties map
      Returns:
      A modified copy of this object

    • equals

      public boolean equals(@Nullable Object another)
      This instance is equal to all instances of WindowsProcessExtension that have equal attribute values.
      Overrides:
      equals in class Object
      Returns:
      true if this is equal to another instance

    • hashCode

      public int hashCode()
      Computes a hash code from attributes: isAslrEnabled, isDepEnabled, priority, ownerSid, windowTitle, startupInfo, type, customProperties.
      Overrides:
      hashCode in class Object
      Returns:
      hashCode value

    • toString

      public String toString()
      Prints the immutable value WindowsProcessExtension with attribute values.
      Overrides:
      toString in class Object
      Returns:
      A string representation of the value

    • copyOf

      public static WindowsProcessExtension copyOf(WindowsProcessExtensionExt instance)
      Creates an immutable copy of a WindowsProcessExtensionExt value. Uses accessors to get values to initialize the new immutable instance. If an instance is already immutable, it is returned as is.
      Parameters:
      instance - The instance to copy
      Returns:
      A copied immutable WindowsProcessExtension instance

    • builder

      public static WindowsProcessExtension.Builder builder()
      Creates a builder for WindowsProcessExtension.
      Returns:
      A new WindowsProcessExtension builder