Package security.whisper.javastix.coo.objects

Interface ProcessCoo

All Superinterfaces:
BundleableObject, CyberObservableObject, CyberObservableObjectCommonProperties, GenericValidation, SdoDefaultValidator, Serializable, Stix, StixCustomProperties
All Known Implementing Classes:
Process
@Immutable @DefaultTypeValue(value="process", groups=DefaultValuesProcessor.class) @BusinessRule(ifExp="true", thenExp="getExtensions().isEmpty() == false || isHidden().isPresent() == true || getPid().isPresent() == true || getName().isPresent() == true || getCreated().isPresent() == true || getCwd().isPresent() == true || getArguments().isEmpty() == false || getCommandLine().isPresent() == true || getEnvironmentVariables().isEmpty() == false || getOpenedConnectionRefs().isEmpty() == false || getCreatorUserRef().isPresent() == true || getBinaryRef().isPresent() == true || getParentRef().isPresent() == true || getChildRefs().isEmpty() == false", errorMessage="A Process Object MUST contain at least one property (other than type) from this object (or one of its extensions).") public interface ProcessCoo extends CyberObservableObject
process

The Process Object represents common properties of an instance of a computer program as executed on an operating system.

  • Method Details

    • isHidden

      @JsonPropertyDescription("Specifies whether the process is hidden.") @NotNull @NotNull Optional<Boolean> isHidden()

    • getPid

      @JsonPropertyDescription("Specifies the Process ID, or PID, of the process.") Optional<Long> getPid()

    • getName

      @JsonPropertyDescription("Specifies the name of the process.") Optional<String> getName()

    • getCreated

      @JsonPropertyDescription("Specifies the date/time at which the process was created.") Optional<StixInstant> getCreated()

    • getCwd

      @JsonPropertyDescription("Specifies the current working directory of the process.") Optional<String> getCwd()

    • getArguments

      @JsonPropertyDescription("Specifies the list of arguments used in executing the process.") default List<String> getArguments()

    • getCommandLine

      @JsonPropertyDescription("Specifies the full command line used in executing the process, including the process name (depending on the operating system).") default Optional<String> getCommandLine()

    • getEnvironmentVariables

      @JsonPropertyDescription("Specifies the list of environment variables associated with the process as a dictionary.") default Map<String,String> getEnvironmentVariables()

    • getOpenedConnectionRefs

      @JsonPropertyDescription("Specifies the list of network connections opened by the process, as a reference to one or more Network Traffic Objects.") default Set<String> getOpenedConnectionRefs()

    • getCreatorUserRef

      @JsonPropertyDescription("Specifies the user that created the process, as a reference to a User Account Object.") default Optional<String> getCreatorUserRef()

    • getBinaryRef

      @JsonPropertyDescription("Specifies the executable binary that was executed as the process, as a reference to a File Object.") default Optional<String> getBinaryRef()

    • getParentRef

      @JsonPropertyDescription("Specifies the other process that spawned (i.e. is the parent of) this one, as represented by a Process Object.") default Optional<String> getParentRef()

    • getChildRefs

      @JsonPropertyDescription("Specifies the other processes that were spawned by (i.e. children of) this process, as a reference to one or more other Process Objects.") default Set<String> getChildRefs()

    • getId

      @Derived default String getId()
      Deterministically generates the ID for this process based on its PID and name. Uses PID if available, otherwise uses name, otherwise uses command line.
      Specified by:
      getId in interface BundleableObject
      Specified by:
      getId in interface CyberObservableObjectCommonProperties