Book a Demo Start Free Contact Us

All Fields

Redflag

Ancestors

Type: List of Strings
Description: If the reference object has ancestor processes, this is a list of their names.
Field Name: ancestors

Arguments

Type: List of Strings
Description: If referencing a process, the arguments of the process that generated the red flag.
Field Name: args

Authenticated User Name

Type: String
Description: If referencing a process, the authenticated user name of the process that generated the red flag.
Field Name: auser

Cluster Name

Type: String
Description: If red flag is associated with a cluster, or a node of a cluster, this is the name of the cluster.
Field Name: cluster_name

Description

Type: String
Description: The reason the red flag was generated.
Field Name: description

Effective User Name

Type: String
Description: If referencing a process, the effective user name of the process that generated the red flag.
Field Name: euser

ID

Type: String
Description: The unique ID of the red flag.
Field Name: id

Is Exception

Type: Boolean
Description: Is the red flag marked as an exception? If so, the red flag was generated by expected activity.
Field Name: false_positive

Machine ID

Type: String
Description: The unique machine ID associated with the red flag. Generally begins with "mach:".
Field Name: muid

Policy Name

Type: String
Description: If the red flag is associated with a Guardian policy, this is the name of the policy.
Field Name: policy_name

Policy UID

Type: String
Description: If the red flag is associated with a Guardian policy, this is the unique ID of the policy.
Field Name: policy_uid

Reference Object

Type: String
Description: The unique ID of the object that the red flag is associated with.
Field Name: ref

Schema

Type: String
Description: The full schema string of the red flag.
Field Name: schema

Severity

Type: String
Description: The security level of the red flag. One of: info, low, medium, high, critical.
Field Name: severity

Spydertraces

Type: List of Strings
Description: The unique IDs of the spydertraces that this red flag is a part of.
Field Name: traces

Uptime

Type: Number
Description: The uptime of the object referenced by the redflag.
Field Name: uptime

Opsflag

Agent Type

Type: String
Description: The type of agent that generated an opsflag. Used with agent-related opsflags.
Field Name: agent_type

Ancestors

Type: List of Strings
Description: If the reference object has ancestor processes, this is a list of their names.
Field Name: ancestors

Arguments

Type: List of Strings
Description: If referencing a process, the arguments of the process that generated the ops flag.
Field Name: args

Authenticated User Name

Type: String
Description: If referencing a process, the authenticated user name of the process that generated the ops flag.
Field Name: auser

Cluster Name

Type: String
Description: The name of the cluster associated with an opsflag.
Field Name: cluster_name

Description

Type: String
Description: The reason the ops flag was generated.
Field Name: description

Effective User Name

Type: String
Description: If referencing a process, the effective user name of the process that generated the ops flag.
Field Name: euser

False positive

Type: Boolean
Description: Is the opsflag a false positive?
Field Name: false_positive

Hostname

Type: String
Description: The hostname of the machine associated with an opsflag.
Field Name: hostname

Is Ephemeral

Type: Boolean
Description: Is the reference object ephemeral? Used with agent-related opsflags.
Field Name: ephemeral

Machine ID

Type: String
Description: The unique machine ID associated with the ops flag. Generally begins with 'mach:'.
Field Name: muid

Reference Object

Type: String
Description: The unique ID of the object that the ops flag is associated with.
Field Name: ref

Schema

Type: String
Description: The full schema string of the ops flag.
Field Name: schema

Severity

Type: String
Description: The alert level of the ops flag. One of: info, low, medium, high, critical.
Field Name: severity

UID

Type: String
Description: The unique ID of the ops flag.
Field Name: id

Uptime

Type: Number
Description: The uptime of the object referenced by the ops flag.
Field Name: uptime

Spydertrace

Interactive Users

Type: List of Strings
Description: The list of interactive users associated with the spydertrace.
Field Name: interactive_users

Is Interactive

Type: Boolean
Description: Is the spydertrace interactive? Interactive spydertraces are associated with interactive user processes.
Field Name: interactive

Is Overtaken

Type: Boolean
Description: Has the spydertrace been overtaken by another spydertrace? It is best to set this to false because the overtaking trace contains all of the overtaken trace.
Field Name: overtaken

Is Suppressed

Type: Boolean
Description: Is the spydertrace suppressed? Suppressed spydertraces are associated with expected activity.
Field Name: suppressed

Machine UID

Type: String
Description: The unique machine ID associated with the spydertrace. Generally begins with "mach:".
Field Name: muid

Name

Type: String
Description: The name of the spydertrace.
Field Name: name

Non-Interactive Users

Type: List of Strings
Description: The list of non-interactive users associated with the spydertrace.
Field Name: non_interactive_users

Root Process Name

Type: String
Description: Name of the root process of the spydertrace.
Field Name: root_proc_name

Schema

Type: String
Description: The full schema string of the spydertrace.
Field Name: schema

Score

Type: Integer
Description: A score ranking the severity of the spydertrace.
Field Name: score

Status

Type: String
Description: Status of the spydertrace: closed or active.
Field Name: status

Trigger

Type: String
Description: The unique ID for the object that triggered the spydertrace's creation.
Field Name: trigger

Trigger Short Name

Type: String
Description: Short name for the object that triggered the spydertrace.
Field Name: trigger_short_name

UID

Type: String
Description: The unique ID of the spydertrace.
Field Name: id

Container

Cluster Name

Type: String
Description: The name of the kubernetes cluster the container is a part of
Field Name: clustername

Cluster UID

Type: String
Description: The unique Spyderbat ID for the kubernetes cluster the container is a part of
Field Name: cluster_uid

Container ID

Type: String
Description: The long identifier of the container as reported by the container runtime
Field Name: container_id

Container Name

Type: String
Description: The name of the container as reported by the container runtime
Field Name: container_name

Image

Type: String
Description: The fully qualified name of the image used to create the container
Field Name: image

Image ID

Type: String
Description: The identifier of the image used to create the container
Field Name: image_id

Machine UID

Type: String
Description: The unique spyderbat machine ID the container is running on
Field Name: muid

Pod Labels

Type: Dictionary of Strings to Strings
Description: The kubernetes labels for the pod the container is a part of
Field Name: pod_labels

Pod Name

Type: String
Description: The name of the kubernetes pod the container is a part of
Field Name: pod_name

Pod Namespace

Type: String
Description: The namespace of the kubernetes pod the container is a part of
Field Name: pod_namespace

Pod Namespace Labels

Type: Dictionary of Strings to Strings
Description: The labels for the namespace of the kubernetes pod the container is a part of
Field Name: pod_namespace_labels

Pod UID

Type: String
Description: The unique Spyderbat ID for the kubernetes pod the container is a part of
Field Name: pod_uid

Root process UID

Type: String
Description: The spyderbat ID of the root process running in the container
Field Name: root_puid

Schema

Type: String
Description: The Spyderbat schema for the container model
Field Name: schema

UID

Type: String
Description: The unique Spyderbat ID for the container
Field Name: id

node_uid

Type: String
Field Name: node_uid

Cluster

Name

Type: String
Description: The name assigned to the cluster at spyderbat provisioning time
Field Name: name

Schema

Type: String
Description: The Spyderbat schema for the cluster model
Field Name: schema

UID

Type: String
Description: The unique Spyderbat ID for the cluster
Field Name: id

Node

Cluster Name

Type: String
Description: The name of the kubernetes cluster the node belongs to
Field Name: cluster_name

Cluster UID

Type: String
Description: The unique Spyderbat ID for the kubernetes cluster the node belongs to
Field Name: cluster_uid

Kubernetes uid

Type: String
Description: The kubernetes unique id for the node as reported in the metadata
Field Name: metadata.uid

Labels

Type: Dictionary of Strings to Strings
Description: The kubernetes labels for the node as reported in the metadata
Field Name: metadata.labels

Machine UID

Type: String
Description: The unique Spyderbat machine ID for the node
Field Name: muid

Name

Type: String
Description: The kubernetes name for the node as reported in the metadata
Field Name: metadata.name

Schema

Type: String
Description: The Spyderbat schema for the node model
Field Name: schema

UID

Type: String
Description: The unique Spyderbat ID for this model
Field Name: id

Deployment

Cluster Name

Type: String
Description: The name of the kubernetes cluster the deployment belongs to
Field Name: cluster_name

Cluster UID

Type: String
Description: The unique Spyderbat id for the kubernetes cluster the deployment belongs to
Field Name: cluster_uid

Kubernetes uid

Type: String
Description: The kubernetes unique id for the deployment as reported in the metadata
Field Name: metadata.uid

Labels

Type: Dictionary of Strings to Strings
Description: The kubernetes labels for the deployment as reported in the metadata
Field Name: metadata.labels

Name

Type: String
Description: The kubernetes name for the deployment as reported in the metadata
Field Name: metadata.name

Namespace

Type: String
Description: The kubernetes namespace for the deployment as reported in the metadata
Field Name: metadata.namespace

Schema

Type: String
Description: The Spyderbat schema for the deployment model
Field Name: schema

UID

Type: String
Description: The unique Spyderbat ID for the deployment
Field Name: id

Replicaset

Cluster Name

Type: String
Description: The name of the kubernetes cluster the replicaset belongs to
Field Name: cluster_name

Cluster UID

Type: String
Description: The unique Spyderbat id for the kubernetes cluster the replicaset belongs to
Field Name: cluster_uid

Deployment name

Type: String
Description: The name for the deployment the replicaset is owned by (if replicaset is owned by a deployment)
Field Name: deployment_name

Deployment uid

Type: String
Description: The Spyderbat unique id for the deployment the replicaset is owned by (if replicaset is owned by a deployment)
Field Name: deployment_uid

Kubernetes uid

Type: String
Description: The kubernetes unique id for the replicaset as reported in the metadata
Field Name: metadata.uid

Labels

Type: Dictionary of Strings to Strings
Description: The kubernetes labels for the replicaset as reported in the metadata
Field Name: metadata.labels

Name

Type: String
Description: The kubernetes name for the replicaset as reported in the metadata
Field Name: metadata.name

Namespace

Type: String
Description: The kubernetes namespace for the replicaset as reported in the metadata
Field Name: metadata.namespace

Schema

Type: String
Description: The Spyderbat schema for the replicaset model
Field Name: schema

UID

Type: String
Description: The unique Spyderbat ID for the replicaset
Field Name: id

Daemonset

Cluster Name

Type: String
Description: The name of the kubernetes cluster the daemonset belongs to
Field Name: cluster_name

Cluster UID

Type: String
Description: The unique Spyderbat id for the kubernetes cluster the daemonset belongs to
Field Name: cluster_uid

Kubernetes uid

Type: String
Description: The kubernetes unique id for the daemonset as reported in the metadata
Field Name: metadata.uid

Labels

Type: Dictionary of Strings to Strings
Description: The kubernetes labels for the daemonset as reported in the metadata
Field Name: metadata.labels

Name

Type: String
Description: The kubernetes name for the daemonset as reported in the metadata
Field Name: metadata.name

Namespace

Type: String
Description: The kubernetes namespace for the daemonset as reported in the metadata
Field Name: metadata.namespace

Schema

Type: String
Description: The Spyderbat schema for the daemonset model
Field Name: schema

UID

Type: String
Description: The unique Spyderbat ID for the daemonset
Field Name: id

Job

Cluster Name

Type: String
Description: The name of the kubernetes cluster the job belongs to
Field Name: cluster_name

Cluster UID

Type: String
Description: The unique Spyderbat id for the kubernetes cluster the job belongs to
Field Name: cluster_uid

Kubernetes uid

Type: String
Description: The kubernetes unique id for the job as reported in the metadata
Field Name: metadata.uid

Labels

Type: Dictionary of Strings to Strings
Description: The kubernetes labels for the job as reported in the metadata
Field Name: metadata.labels

Name

Type: String
Description: The kubernetes name for the job as reported in the metadata
Field Name: metadata.name

Namespace

Type: String
Description: The kubernetes namespace for the job as reported in the metadata
Field Name: metadata.namespace

Schema

Type: String
Description: The Spyderbat schema for the job model
Field Name: schema

UID

Type: String
Description: The unique Spyderbat ID for the job
Field Name: id

Cronjob

Cluster Name

Type: String
Description: The name of the kubernetes cluster the cronjob belongs to
Field Name: cluster_name

Cluster UID

Type: String
Description: The unique Spyderbat id for the kubernetes cluster the cronjob belongs to
Field Name: cluster_uid

Kubernetes uid

Type: String
Description: The kubernetes unique id for the cronjob as reported in the metadata
Field Name: metadata.uid

Labels

Type: Dictionary of Strings to Strings
Description: The kubernetes labels for the cronjob as reported in the metadata
Field Name: metadata.labels

Name

Type: String
Description: The kubernetes name for the cronjob as reported in the metadata
Field Name: metadata.name

Namespace

Type: String
Description: The kubernetes namespace for the cronjob as reported in the metadata
Field Name: metadata.namespace

Schema

Type: String
Description: The Spyderbat schema for the cronjob model
Field Name: schema

UID

Type: String
Description: The unique Spyderbat ID for the cronjob
Field Name: id

Statefulset

Cluster Name

Type: String
Description: The name of the kubernetes cluster the statefulset belongs to
Field Name: cluster_name

Cluster UID

Type: String
Description: The unique Spyderbat id for the kubernetes cluster the statefulset belongs to
Field Name: cluster_uid

Kubernetes uid

Type: String
Description: The kubernetes unique id for the statefulset as reported in the metadata
Field Name: metadata.uid

Labels

Type: Dictionary of Strings to Strings
Description: The kubernetes labels for the statefulset as reported in the metadata
Field Name: metadata.labels

Name

Type: String
Description: The kubernetes name for the statefulset as reported in the metadata
Field Name: metadata.name

Namespace

Type: String
Description: The kubernetes namespace for the statefulset as reported in the metadata
Field Name: metadata.namespace

Schema

Type: String
Description: The Spyderbat schema for the statefulset model
Field Name: schema

UID

Type: String
Description: The unique Spyderbat ID for the statefulset
Field Name: id

Service

Cluster Name

Type: String
Description: The name of the kubernetes cluster the service belongs to
Field Name: cluster_name

Cluster UID

Type: String
Description: The unique Spyderbat id for the kubernetes cluster the service belongs to
Field Name: cluster_uid

Kubernetes uid

Type: String
Description: The kubernetes unique id for the service as reported in the metadata
Field Name: metadata.uid

Labels

Type: Dictionary of Strings to Strings
Description: The kubernetes labels for the service as reported in the metadata
Field Name: metadata.labels

Name

Type: String
Description: The kubernetes name for the service as reported in the metadata
Field Name: metadata.name

Namespace

Type: String
Description: The kubernetes namespace for the service as reported in the metadata
Field Name: metadata.namespace

Schema

Type: String
Description: The Spyderbat schema for the service model
Field Name: schema

UID

Type: String
Description: The unique Spyderbat ID for the service
Field Name: id

Pod

Cluster Name

Type: String
Description: The name of the kubernetes cluster the pod belongs to
Field Name: cluster_name

Cluster UID

Type: String
Description: The unique Spyderbat id for the kubernetes cluster the pod belongs to
Field Name: cluster_uid

Deployment UID

Type: String
Description: The spyderbat unique id for the deployment the pod is associated with
Field Name: deployment_uid

Deployment name

Type: String
Description: The name of the deployment the pod is associated with
Field Name: deployment_name

Kubernetes uid

Type: String
Description: The kubernetes unique id for the pod as reported in the metadata
Field Name: metadata.uid

Labels

Type: Dictionary of Strings to Strings
Description: The kubernetes labels for the pod as reported in the metadata
Field Name: metadata.labels

Machine UID

Type: String
Description: The unique machine ID associated with this pod
Field Name: muid

Name

Type: String
Description: The kubernetes name for the pod as reported in the metadata
Field Name: metadata.name

Namespace

Type: String
Description: The kubernetes namespace for the pod as reported in the metadata
Field Name: metadata.namespace

Node UID

Type: String
Description: The spyderbat unique id for the node the pod is running on
Field Name: node_uid

Owner Kind

Type: String
Description: The kind of the resource that owns the pod
Field Name: owner_kind

Owner Name

Type: String
Description: The name of the resource that owns the pod
Field Name: owner_name

Owner UID

Type: String
Description: The Spyderbat unique uid of the resource that owns the pod
Field Name: owner_uid

Schema

Type: String
Description: The Spyderbat schema for the pod model
Field Name: schema

UID

Type: String
Description: The unique Spyderbat ID for the pod
Field Name: id

Role

Cluster Name

Type: String
Description: The name of the kubernetes cluster the role belongs to
Field Name: cluster_name

Cluster UID

Type: String
Description: The unique Spyderbat id for the kubernetes cluster the role belongs to
Field Name: cluster_uid

Kubernetes uid

Type: String
Description: The kubernetes unique id for the role as reported in the metadata
Field Name: metadata.uid

Labels

Type: Dictionary of Strings to Strings
Description: The kubernetes labels for the role as reported in the metadata
Field Name: metadata.labels

Name

Type: String
Description: The kubernetes name for the role as reported in the metadata
Field Name: metadata.name

Namespace

Type: String
Description: The kubernetes namespace for the role as reported in the metadata
Field Name: metadata.namespace

Schema

Type: String
Description: The Spyderbat schema for the role model
Field Name: schema

UID

Type: String
Description: The unique Spyderbat ID for the role
Field Name: id

Cluster Role

Cluster Name

Type: String
Description: The name of the kubernetes cluster the role belongs to
Field Name: cluster_name

Cluster UID

Type: String
Description: The unique Spyderbat id for the kubernetes cluster the role belongs to
Field Name: cluster_uid

Kubernetes uid

Type: String
Description: The kubernetes unique id for the role as reported in the metadata
Field Name: metadata.uid

Labels

Type: Dictionary of Strings to Strings
Description: The kubernetes labels for the role as reported in the metadata
Field Name: metadata.labels

Name

Type: String
Description: The kubernetes name for the role as reported in the metadata
Field Name: metadata.name

Schema

Type: String
Description: The Spyderbat schema for the role model
Field Name: schema

UID

Type: String
Description: The unique Spyderbat ID for the role
Field Name: id

Service Account

Cluster Name

Type: String
Description: The name of the kubernetes cluster the service account belongs to
Field Name: cluster_name

Cluster UID

Type: String
Description: The unique Spyderbat id for the kubernetes cluster the service account belongs to
Field Name: cluster_uid

Kubernetes uid

Type: String
Description: The kubernetes unique id for the service account as reported in the metadata
Field Name: metadata.uid

Labels

Type: Dictionary of Strings to Strings
Description: The kubernetes labels for the service account as reported in the metadata
Field Name: metadata.labels

Name

Type: String
Description: The kubernetes name for the service account as reported in the metadata
Field Name: metadata.name

Namespace

Type: String
Description: The kubernetes namespace for the service account as reported in the metadata
Field Name: metadata.namespace

Schema

Type: String
Description: The Spyderbat schema for the service account model
Field Name: schema

UID

Type: String
Description: The unique Spyderbat ID for the service account
Field Name: id

Role Binding

Cluster Name

Type: String
Description: The name of the kubernetes cluster the rolebinding belongs to
Field Name: cluster_name

Cluster UID

Type: String
Description: The unique Spyderbat id for the kubernetes cluster the rolebinding belongs to
Field Name: cluster_uid

Kubernetes uid

Type: String
Description: The kubernetes unique id for the rolebinding as reported in the metadata
Field Name: metadata.uid

Labels

Type: Dictionary of Strings to Strings
Description: The kubernetes labels for the rolebinding as reported in the metadata
Field Name: metadata.labels

Name

Type: String
Description: The kubernetes name for the rolebinding as reported in the metadata
Field Name: metadata.name

Namespace

Type: String
Description: The kubernetes namespace for the rolebinding as reported in the metadata
Field Name: metadata.namespace

Schema

Type: String
Description: The Spyderbat schema for the rolebinding model
Field Name: schema

UID

Type: String
Description: The unique Spyderbat ID for the rolebinding
Field Name: id

Cluster Role Binding

Cluster Name

Type: String
Description: The name of the kubernetes cluster the clusterrolebinding belongs to
Field Name: cluster_name

Cluster UID

Type: String
Description: The unique Spyderbat id for the kubernetes cluster the clusterrolebinding belongs to
Field Name: cluster_uid

Kubernetes uid

Type: String
Description: The kubernetes unique id for the clusterrolebinding as reported in the metadata
Field Name: metadata.uid

Labels

Type: Dictionary of Strings to Strings
Description: The kubernetes labels for the clusterrolebinding as reported in the metadata
Field Name: metadata.labels

Name

Type: String
Description: The kubernetes name for the clusterrolebinding as reported in the metadata
Field Name: metadata.name

Schema

Type: String
Description: The Spyderbat schema for the clusterrolebinding model
Field Name: schema

UID

Type: String
Description: The unique Spyderbat ID for the clusterrolebinding
Field Name: id

Listening Socket

Duration

Type: Number
Description: The duration of the model in seconds
Field Name: duration

Local IP

Type: IP Address
Description: The local IP address, or originating address of the connection
Field Name: local_ip

Local port

Type: Integer
Description: The local port of the connection
Field Name: local_port

Machine UID

Type: String
Description: The unique machine ID associated with this model or event
Field Name: muid

Process UIDs

Type: List of Strings
Description: The unique Spyderbat IDs for the associated processes to this socket
Field Name: puids

Schema

Type: String
Description: The full schema string of the listening socket
Field Name: schema

Status

Type: String
Description: Status of this model: closed or active
Field Name: status

UID

Type: String
Description: The unique Spyderbat ID for the listening socket.
Field Name: id

Connection

Bytes Received

Type: Integer
Description: The number of bytes received on the local side of the connection.
Field Name: bytes_rx

Bytes Sent

Type: Integer
Description: The number of bytes sent on to the remote side of the connection.
Field Name: bytes_tx

Cgroup

Type: String
Description: The latest cgroup associated with the connection.
Field Name: cgroup

Container UID

Type: String
Description: The unique ID of the container associated with the connection.
Field Name: container_uid

Destination

Type: List of Strings
Description: The destinations of the connection (max 100 array). "ipv4|ipv6:remote_ip:remote_port".
Field Name: dsts

Direction

Type: String
Description: The direction of the connection: "inbound", "outbound", or "unknown".
Field Name: direction

Duration

Type: Number
Description: The duration of the connection model in seconds at time of last update.
Field Name: duration

Family

Type: String
Description: Family: IPV4 or IPV6.
Field Name: family

Local IP

Type: IP Address
Description: The local IP address, or originating address of the connection
Field Name: local_ip

Local port

Type: Integer
Description: The local port of the connection
Field Name: local_port

Machine UID

Type: String
Description: The unique ID of the machine associated with the connection.
Field Name: muid

Payload

Type: String
Description: A string representation of the payload of the connection. For example, the domain name of a DNS request response.
Field Name: payload

Peer connection UID

Type: String
Description: The unique ID of the peer remote connection if seen by Spyderbat.
Field Name: peer_cuid

Peer machine UID

Type: String
Description: The unique ID of the peer connection's machine if seen by Spyderbat.
Field Name: peer_muid

Peer process UID

Type: String
Description: The unique ID of the peer connection's process if seen by Spyderbat.
Field Name: peer_puid

Process UID

Type: String
Description: The unique ID of the latest process associated with the connection.
Field Name: puid

Process UIDs

Type: List of Strings
Description: The unique IDs of the process(es) associated with the connection.
Field Name: puids

Process name

Type: String
Description: The name of the process associated with the connection.
Field Name: proc_name

Remote IP

Type: IP Address
Description: The IP address on the remote side of the connection.
Field Name: remote_ip

Remote hostname

Type: String
Description: The hostname on the remote side of the connection.
Field Name: remote_hostname

Remote port

Type: Integer
Description: The port number on the remote side of the connection.
Field Name: remote_port

Schema

Type: String
Description: The full schema of the connection.
Field Name: schema

Sources

Type: List of Strings
Description: The objects that are the source of the connection (max 100 array).
Field Name: srcs

Spydertraces

Type: List of Strings
Description: The unique IDs of the spydertraces this connection is a part of.
Field Name: traces

Status

Type: String
Description: Status of the connection: closed or active.
Field Name: status

UID

Type: String
Description: The unique ID for this connection.
Field Name: id

Machine

Boot Time

Type: Number
Description: The time at which the machine was booted.
Field Name: boot_time

CPU Architecture

Type: String
Description: The architecture of the CPU that is installed in the machine.
Field Name: machine_processor

CPU Model

Type: String
Description: The model of the CPU that is installed in the machine.
Field Name: cpu_model

Cloud Image ID

Type: String
Description: If from a cloud provider, the image ID.
Field Name: cloud_image_id

Cloud Instance ID

Type: String
Description: If from a cloud provider, the instance ID of the virtual machine.
Field Name: cloud_instance_id

Cloud Region ID

Type: String
Description: If from a cloud provider, the region ID.
Field Name: cloud_region

Cloud Tags

Type: Dictionary of Strings to Strings
Description: If from a cloud provider, the tags associated with the machine.
Field Name: cloud_tags

Cloud Type

Type: String
Description: If from a cloud provider, the type of cloud provider.
Field Name: cloud_type

Cluster Name

Type: String
Description: The name of the cluster the machine is associated with.
Field Name: cluster_name

Duration

Type: Number
Description: The amount of time the machine has been running in seconds.
Field Name: duration

Hostname

Type: String
Description: The hostname of the machine.
Field Name: hostname

Kernel Modules

Type: List of Strings
Description: The list of kernel modules that are installed on the machine.
Field Name: kernel_mods

OS Release

Type: String
Description: The release of the operating system installed on the machine.
Field Name: os_release

OS System

Type: String
Description: The system of the operating system installed on the machine. Generally "linux".
Field Name: os_system

OS Version

Type: String
Description: The version of the operating system installed on the machine.
Field Name: os_version

OS name

Type: String
Description: The name of the operating system installed on the machine.
Field Name: os_name

Private IP Address

Type: List of Strings
Description: The private IP addresses associated with the machine.
Field Name: private_ip

Public IP Address

Type: List of Strings
Description: The public IP addresses associated with the machine.
Field Name: public_ip

Schema

Type: String
Description: The full schema of the machine.
Field Name: schema

UID

Type: String
Description: The unique ID for this machine.
Field Name: id

Fingerprint

status

Type: String
Field Name: status

cgroup

Type: String
Field Name: cgroup

service_name

Type: String
Field Name: service_name

image

Type: String
Field Name: image

image_id

Type: String
Field Name: image_id

container_name

Type: String
Field Name: container_name

container_id

Type: String
Field Name: container_id

Machine UID

Type: String
Field Name: muid

Root Process UID

Type: String
Field Name: root_puid

Schema

Type: String
Field Name: schema

UID

Type: String
Description: The unique Spyderbat ID for this model
Field Name: id

Process

src_uid

Type: String
Field Name: src_uid

Ancestors

Type: List of Strings
Description: A list of the names of the ancestor processes
Field Name: ancestors

Arguments

Type: List of Strings
Description: The arguments specified when the process is started
Field Name: args

Authenticated user

Type: String
Description: The authenticated user name
Field Name: auser

CGroup

Type: String
Description: The Cgroup, if any, associated with the process
Field Name: cgroup

Container

Type: String
Description: The container ID
Field Name: container

Container UID

Type: String
Description: The spyderbat ID for the container model, if any
Field Name: container_uid

Duration

Type: Number
Description: The duration of the model in seconds
Field Name: duration

Effective user

Type: String
Description: The effective user who created the process
Field Name: euser

Environment Variables

Type: Dictionary of Strings to Strings
Description: A map with the name and value of all environment variables set at the time of process creation
Field Name: environ

Executable

Type: String
Description: The pathname of the executable associated with the process
Field Name: exe

Interactive

Type: Boolean
Description: Specifies if the process is associated with a terminal, and indicates if there is a human user who likely created the process
Field Name: interactive

Machine UID

Type: String
Description: The unique ID of the associated machine
Field Name: muid

Name

Type: String
Description: The name of the process
Field Name: name

Organization UID

Type: String
Description: The unique ID of the Spyderbat organization that owns this data
Field Name: org_uid

PID

Type: Integer
Description: The Unix process ID for this process
Field Name: pid

Parent PID

Type: Integer
Description: Unix process ID for the parent of this process
Field Name: ppid

Parent process UID

Type: String
Description: The unique Spyderbat ID of the parent process object
Field Name: ppuid

Schema

Type: String
Description: The string model_process:...
Field Name: schema

Session UID

Type: String
Description: The Spyderbat UID for the associated session
Field Name: suid

Status

Type: String
Description: Status of this model: closed or active
Field Name: status

Thread

Type: Boolean
Description: Indicates that this process is a thread
Field Name: thread

Traces

Type: List of Strings
Description: An array of Spyderbat UID for traces associated with this process
Field Name: traces

UID

Type: String
Description: The unique Spyderbat ID for this model
Field Name: id

Last updated 7 months ago

Was this helpful?