Interface WindowsProcessExtensionExt

All Superinterfaces:
CyberObservableExtension, CyberObservableExtensionCommonProperties, GenericValidation, SdoDefaultValidator, StixCustomProperties
All Known Implementing Classes:
WindowsProcessExtension

@Immutable
@DefaultTypeValue(value="windows-process-ext", groups=DefaultValuesProcessor.class)
@AllowedParents(ProcessCoo.class)
@BusinessRule(ifExp="isAslrEnabled().orElse(false) == true || isDepEnabled().orElse(false) == true", thenExp="isDepEnabled().orElse(false) == false || isAslrEnabled().orElse(false) == false", errorMessage="Dep and ASLR cannot both be enabled")
public interface WindowsProcessExtensionExt extends CyberObservableExtension
The Windows Process extension specifies a default extension for capturing properties specific to Windows processes.
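What the @BusinessRule expressions above accept and reject, worked through for every combination of the two optional flags. This is an added example, not code from the library: the class RuleCheck and its methods are hypothetical names, and it assumes a rule is violated when ifExp holds and thenExp does not.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Optional;

// Added illustration: re-states the two @BusinessRule expressions in plain Java.
// RuleCheck, ifExp, thenExp and violatesRule are hypothetical names, not library API.
public class RuleCheck {

    // ifExp from the annotation: the rule applies when either flag is true.
    static boolean ifExp(Optional<Boolean> aslr, Optional<Boolean> dep) {
        return aslr.orElse(false) || dep.orElse(false);
    }

    // thenExp from the annotation: at least one flag must be false or absent.
    static boolean thenExp(Optional<Boolean> aslr, Optional<Boolean> dep) {
        return !dep.orElse(false) || !aslr.orElse(false);
    }

    // Assumption: a violation means ifExp holds while thenExp does not.
    static boolean violatesRule(Optional<Boolean> aslr, Optional<Boolean> dep) {
        return ifExp(aslr, dep) && !thenExp(aslr, dep);
    }

    public static void main(String[] args) {
        // The three states an Optional<Boolean> property can be in.
        List<Optional<Boolean>> states = Arrays.asList(
                Optional.<Boolean>empty(), Optional.of(false), Optional.of(true));

        // Walk all nine combinations and report the rule's verdict for each.
        for (Optional<Boolean> aslr : states) {
            for (Optional<Boolean> dep : states) {
                String verdict = violatesRule(aslr, dep)
                        ? "rejected: Dep and ASLR cannot both be enabled"
                        : "accepted";
                System.out.printf("aslr=%-16s dep=%-16s -> %s%n", aslr, dep, verdict);
            }
        }
    }
}
```

Of the nine combinations, only ASLR true together with DEP true is rejected; an absent flag is treated as false by `orElse(false)`.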
  • Method Details

    • isAslrEnabled

      @JsonPropertyDescription("Specifies whether Address Space Layout Randomization (ASLR) is enabled for the process.") @NotNull @NotNull Optional<Boolean> isAslrEnabled()
    • isDepEnabled

      @JsonPropertyDescription("Specifies whether Data Execution Prevention (DEP) is enabled for the process.") @NotNull @NotNull Optional<Boolean> isDepEnabled()
    • getPriority

      @JsonPropertyDescription("Specifies the current priority class of the process in Windows.") Optional<String> getPriority()
    • getOwnerSid

      @JsonPropertyDescription("Specifies the Security ID (SID) value of the owner of the process.") Optional<String> getOwnerSid()
    • getWindowTitle

      @JsonPropertyDescription("Specifies the title of the main window of the process.") Optional<String> getWindowTitle()
    • getStartupInfo

      @JsonPropertyDescription("Specifies the STARTUP_INFO struct used by the process, as a dictionary.") Map<String,String> getStartupInfo()