All Fields
Redflag
Arguments
Type: List of Strings
Description: If referencing a process, the arguments of the process that generated the red flag.
Field Name:
args
Authenticated User Name
Type: String
Description: If referencing a process, the authenticated user name of the process that generated the red flag.
Field Name:
auser
Effective User Name
Type: String
Description: If referencing a process, the effective user name of the process that generated the red flag.
Field Name:
euser
Description
Type: String
Description: The reason the red flag was generated.
Field Name:
description
ID
Type: String
Description: The unique ID of the red flag.
Field Name:
id
Machine ID
Type: String
Description: The unique machine ID associated with the red flag. Generally begins with "mach:".
Field Name:
muid
Reference Object
Type: String
Description: The unique ID of the object that the red flag is associated with.
Field Name:
ref
Schema
Type: String
Description: The full schema string of the red flag.
Field Name:
schema
Severity
Type: String
Description: The security level of the red flag. One of: info, low, medium, high, critical.
Field Name:
severity
Uptime
Type: Number
Description: The uptime of the object referenced by the red flag.
Field Name:
uptime
Spydertraces
Type: List of Strings
Description: The unique IDs of the spydertraces that this red flag is a part of.
Field Name:
traces
Is Exception
Type: Boolean
Description: Is the red flag marked as an exception? If so, the red flag was generated by expected activity.
Field Name:
false_positive
Ancestors
Type: List of Strings
Description: If the reference object has ancestor processes, this is a list of their names.
Field Name:
ancestors
Policy UID
Type: String
Description: If the red flag is associated with a Guardian policy, this is the unique ID of the policy.
Field Name:
policy_uid
Policy Name
Type: String
Description: If the red flag is associated with a Guardian policy, this is the name of the policy.
Field Name:
policy_name
Cluster Name
Type: String
Description: If the red flag is associated with a cluster, or a node of a cluster, this is the name of the cluster.
Field Name:
cluster_name
Opsflag
Arguments
Type: List of Strings
Description: If referencing a process, the arguments of the process that generated the ops flag.
Field Name:
args
Authenticated User Name
Type: String
Description: If referencing a process, the authenticated user name of the process that generated the ops flag.
Field Name:
auser
Effective User Name
Type: String
Description: If referencing a process, the effective user name of the process that generated the ops flag.
Field Name:
euser
Description
Type: String
Description: The reason the ops flag was generated.
Field Name:
description
UID
Type: String
Description: The unique ID of the ops flag.
Field Name:
id
Machine ID
Type: String
Description: The unique machine ID associated with the ops flag. Generally begins with 'mach:'.
Field Name:
muid
Reference Object
Type: String
Description: The unique ID of the object that the ops flag is associated with.
Field Name:
ref
Schema
Type: String
Description: The full schema string of the ops flag.
Field Name:
schema
Severity
Type: String
Description: The alert level of the ops flag. One of: info, low, medium, high, critical.
Field Name:
severity
Uptime
Type: Number
Description: The uptime of the object referenced by the ops flag.
Field Name:
uptime
False positive
Type: Boolean
Description: Is the ops flag a false positive?
Field Name:
false_positive
Ancestors
Type: List of Strings
Description: If the reference object has ancestor processes, this is a list of their names.
Field Name:
ancestors
Is Ephemeral
Type: Boolean
Description: Is the reference object ephemeral? Used with agent-related ops flags.
Field Name:
ephemeral
Agent Type
Type: String
Description: The type of agent that generated the ops flag. Used with agent-related ops flags.
Field Name:
agent_type
Hostname
Type: String
Description: The hostname of the machine associated with the ops flag.
Field Name:
hostname
Cluster Name
Type: String
Description: The name of the cluster associated with the ops flag.
Field Name:
cluster_name
Spydertrace
UID
Type: String
Description: The unique ID of the spydertrace.
Field Name:
id
Is Interactive
Type: Boolean
Description: Is the spydertrace interactive? Interactive spydertraces are associated with interactive user processes.
Field Name:
interactive
Machine UID
Type: String
Description: The unique machine ID associated with the spydertrace. Generally begins with "mach:".
Field Name:
muid
Name
Type: String
Description: The name of the spydertrace.
Field Name:
name
Trigger
Type: String
Description: The unique ID for the object that triggered the spydertrace's creation.
Field Name:
trigger
Status
Type: String
Description: Status of the spydertrace: closed or active.
Field Name:
status
Root Process Name
Type: String
Description: Name of the root process of the spydertrace.
Field Name:
root_proc_name
Trigger Short Name
Type: String
Description: Short name for the object that triggered the spydertrace.
Field Name:
trigger_short_name
Score
Type: Integer
Description: A score ranking the severity of the spydertrace.
Field Name:
score
Interactive Users
Type: List of Strings
Description: The list of interactive users associated with the spydertrace.
Field Name:
interactive_users
Non-Interactive Users
Type: List of Strings
Description: The list of non-interactive users associated with the spydertrace.
Field Name:
non_interactive_users
Is Overtaken
Type: Boolean
Description: Has the spydertrace been overtaken by another spydertrace? It is best to set this to false because the overtaking trace contains all of the overtaken trace.
Field Name:
overtaken
Is Suppressed
Type: Boolean
Description: Is the spydertrace suppressed? Suppressed spydertraces are associated with expected activity.
Field Name:
suppressed
Container
UID
Type: String
Description: The unique Spyderbat ID for the container
Field Name:
id
Container ID
Type: String
Description: The long identifier of the container as reported by the container runtime
Field Name:
container_id
Container Name
Type: String
Description: The name of the container as reported by the container runtime
Field Name:
container_name
Image ID
Type: String
Description: The identifier of the image used to create the container
Field Name:
image_id
Image
Type: String
Description: The fully qualified name of the image used to create the container
Field Name:
image
Machine UID
Type: String
Description: The unique Spyderbat machine ID the container is running on
Field Name:
muid
Root process UID
Type: String
Description: The Spyderbat ID of the root process running in the container
Field Name:
root_puid
Schema
Type: String
Description: The Spyderbat schema for the container model
Field Name:
schema
Cluster UID
Type: String
Description: The unique Spyderbat ID for the kubernetes cluster the container is a part of
Field Name:
cluster_uid
Cluster Name
Type: String
Description: The name of the kubernetes cluster the container is a part of
Field Name:
clustername
node_uid
Type: String
Field Name:
node_uid
Pod UID
Type: String
Description: The unique Spyderbat ID for the kubernetes pod the container is a part of
Field Name:
pod_uid
Pod Name
Type: String
Description: The name of the kubernetes pod the container is a part of
Field Name:
pod_name
Pod Namespace
Type: String
Description: The namespace of the kubernetes pod the container is a part of
Field Name:
pod_namespace
Pod Labels
Type: Dictionary of Strings to Strings
Description: The kubernetes labels for the pod the container is a part of
Field Name:
pod_labels
Cluster
UID
Type: String
Description: The unique Spyderbat ID for the cluster
Field Name:
id
Name
Type: String
Description: The name assigned to the cluster at Spyderbat provisioning time
Field Name:
name
Schema
Type: String
Description: The Spyderbat schema for the cluster model
Field Name:
schema
Node
UID
Type: String
Description: The unique Spyderbat ID for this model
Field Name:
id
Cluster UID
Type: String
Description: The unique Spyderbat ID for the kubernetes cluster the node belongs to
Field Name:
cluster_uid
Cluster Name
Type: String
Description: The name of the kubernetes cluster the node belongs to
Field Name:
cluster_name
Machine UID
Type: String
Description: The unique Spyderbat machine ID for the node
Field Name:
muid
Schema
Type: String
Description: The Spyderbat schema for the node model
Field Name:
schema
Name
Type: String
Description: The kubernetes name for the node as reported in the metadata
Field Name:
metadata.name
Labels
Type: Dictionary of Strings to Strings
Description: The kubernetes labels for the node as reported in the metadata
Field Name:
metadata.labels
Kubernetes uid
Type: String
Description: The kubernetes unique id for the node as reported in the metadata
Field Name:
metadata.uid
Deployment
UID
Type: String
Description: The unique Spyderbat ID for the deployment
Field Name:
id
Cluster UID
Type: String
Description: The unique Spyderbat id for the kubernetes cluster the deployment belongs to
Field Name:
cluster_uid
Cluster Name
Type: String
Description: The name of the kubernetes cluster the deployment belongs to
Field Name:
cluster_name
Schema
Type: String
Description: The Spyderbat schema for the deployment model
Field Name:
schema
Name
Type: String
Description: The kubernetes name for the deployment as reported in the metadata
Field Name:
metadata.name
Namespace
Type: String
Description: The kubernetes namespace for the deployment as reported in the metadata
Field Name:
metadata.namespace
Labels
Type: Dictionary of Strings to Strings
Description: The kubernetes labels for the deployment as reported in the metadata
Field Name:
metadata.labels
Kubernetes uid
Type: String
Description: The kubernetes unique id for the deployment as reported in the metadata
Field Name:
metadata.uid
Replicaset
UID
Type: String
Description: The unique Spyderbat ID for the replicaset
Field Name:
id
Cluster UID
Type: String
Description: The unique Spyderbat id for the kubernetes cluster the replicaset belongs to
Field Name:
cluster_uid
Cluster Name
Type: String
Description: The name of the kubernetes cluster the replicaset belongs to
Field Name:
cluster_name
Schema
Type: String
Description: The Spyderbat schema for the replicaset model
Field Name:
schema
Name
Type: String
Description: The kubernetes name for the replicaset as reported in the metadata
Field Name:
metadata.name
Namespace
Type: String
Description: The kubernetes namespace for the replicaset as reported in the metadata
Field Name:
metadata.namespace
Labels
Type: Dictionary of Strings to Strings
Description: The kubernetes labels for the replicaset as reported in the metadata
Field Name:
metadata.labels
Kubernetes uid
Type: String
Description: The kubernetes unique id for the replicaset as reported in the metadata
Field Name:
metadata.uid
Deployment uid
Type: String
Description: The Spyderbat unique id for the deployment the replicaset is owned by (if replicaset is owned by a deployment)
Field Name:
deployment_uid
Deployment name
Type: String
Description: The name for the deployment the replicaset is owned by (if replicaset is owned by a deployment)
Field Name:
deployment_name
Daemonset
UID
Type: String
Description: The unique Spyderbat ID for the daemonset
Field Name:
id
Cluster UID
Type: String
Description: The unique Spyderbat id for the kubernetes cluster the daemonset belongs to
Field Name:
cluster_uid
Cluster Name
Type: String
Description: The name of the kubernetes cluster the daemonset belongs to
Field Name:
cluster_name
Schema
Type: String
Description: The Spyderbat schema for the daemonset model
Field Name:
schema
Name
Type: String
Description: The kubernetes name for the daemonset as reported in the metadata
Field Name:
metadata.name
Namespace
Type: String
Description: The kubernetes namespace for the daemonset as reported in the metadata
Field Name:
metadata.namespace
Labels
Type: Dictionary of Strings to Strings
Description: The kubernetes labels for the daemonset as reported in the metadata
Field Name:
metadata.labels
Kubernetes uid
Type: String
Description: The kubernetes unique id for the daemonset as reported in the metadata
Field Name:
metadata.uid
Job
UID
Type: String
Description: The unique Spyderbat ID for the job
Field Name:
id
Cluster UID
Type: String
Description: The unique Spyderbat id for the kubernetes cluster the job belongs to
Field Name:
cluster_uid
Cluster Name
Type: String
Description: The name of the kubernetes cluster the job belongs to
Field Name:
cluster_name
Schema
Type: String
Description: The Spyderbat schema for the job model
Field Name:
schema
Name
Type: String
Description: The kubernetes name for the job as reported in the metadata
Field Name:
metadata.name
Namespace
Type: String
Description: The kubernetes namespace for the job as reported in the metadata
Field Name:
metadata.namespace
Labels
Type: Dictionary of Strings to Strings
Description: The kubernetes labels for the job as reported in the metadata
Field Name:
metadata.labels
Kubernetes uid
Type: String
Description: The kubernetes unique id for the job as reported in the metadata
Field Name:
metadata.uid
Cronjob
UID
Type: String
Description: The unique Spyderbat ID for the cronjob
Field Name:
id
Cluster UID
Type: String
Description: The unique Spyderbat id for the kubernetes cluster the cronjob belongs to
Field Name:
cluster_uid
Cluster Name
Type: String
Description: The name of the kubernetes cluster the cronjob belongs to
Field Name:
cluster_name
Schema
Type: String
Description: The Spyderbat schema for the cronjob model
Field Name:
schema
Name
Type: String
Description: The kubernetes name for the cronjob as reported in the metadata
Field Name:
metadata.name
Namespace
Type: String
Description: The kubernetes namespace for the cronjob as reported in the metadata
Field Name:
metadata.namespace
Labels
Type: Dictionary of Strings to Strings
Description: The kubernetes labels for the cronjob as reported in the metadata
Field Name:
metadata.labels
Kubernetes uid
Type: String
Description: The kubernetes unique id for the cronjob as reported in the metadata
Field Name:
metadata.uid
Statefulset
UID
Type: String
Description: The unique Spyderbat ID for the statefulset
Field Name:
id
Cluster UID
Type: String
Description: The unique Spyderbat id for the kubernetes cluster the statefulset belongs to
Field Name:
cluster_uid
Cluster Name
Type: String
Description: The name of the kubernetes cluster the statefulset belongs to
Field Name:
cluster_name
Schema
Type: String
Description: The Spyderbat schema for the statefulset model
Field Name:
schema
Name
Type: String
Description: The kubernetes name for the statefulset as reported in the metadata
Field Name:
metadata.name
Namespace
Type: String
Description: The kubernetes namespace for the statefulset as reported in the metadata
Field Name:
metadata.namespace
Labels
Type: Dictionary of Strings to Strings
Description: The kubernetes labels for the statefulset as reported in the metadata
Field Name:
metadata.labels
Kubernetes uid
Type: String
Description: The kubernetes unique id for the statefulset as reported in the metadata
Field Name:
metadata.uid
Service
UID
Type: String
Description: The unique Spyderbat ID for the service
Field Name:
id
Cluster UID
Type: String
Description: The unique Spyderbat id for the kubernetes cluster the service belongs to
Field Name:
cluster_uid
Cluster Name
Type: String
Description: The name of the kubernetes cluster the service belongs to
Field Name:
cluster_name
Schema
Type: String
Description: The Spyderbat schema for the service model
Field Name:
schema
Name
Type: String
Description: The kubernetes name for the service as reported in the metadata
Field Name:
metadata.name
Namespace
Type: String
Description: The kubernetes namespace for the service as reported in the metadata
Field Name:
metadata.namespace
Labels
Type: Dictionary of Strings to Strings
Description: The kubernetes labels for the service as reported in the metadata
Field Name:
metadata.labels
Kubernetes uid
Type: String
Description: The kubernetes unique id for the service as reported in the metadata
Field Name:
metadata.uid
Pod
UID
Type: String
Description: The unique Spyderbat ID for the pod
Field Name:
id
Cluster UID
Type: String
Description: The unique Spyderbat id for the kubernetes cluster the pod belongs to
Field Name:
cluster_uid
Cluster Name
Type: String
Description: The name of the kubernetes cluster the pod belongs to
Field Name:
cluster_name
Node UID
Type: String
Description: The Spyderbat unique id for the node the pod is running on
Field Name:
node_uid
Schema
Type: String
Description: The Spyderbat schema for the pod model
Field Name:
schema
Name
Type: String
Description: The kubernetes name for the pod as reported in the metadata
Field Name:
metadata.name
Namespace
Type: String
Description: The kubernetes namespace for the pod as reported in the metadata
Field Name:
metadata.namespace
Labels
Type: Dictionary of Strings to Strings
Description: The kubernetes labels for the pod as reported in the metadata
Field Name:
metadata.labels
Kubernetes uid
Type: String
Description: The kubernetes unique id for the pod as reported in the metadata
Field Name:
metadata.uid
Deployment UID
Type: String
Description: The Spyderbat unique id for the deployment the pod is associated with
Field Name:
deployment_uid
Deployment name
Type: String
Description: The name of the deployment the pod is associated with
Field Name:
deployment_name
Owner Kind
Type: String
Description: The kind of the resource that owns the pod
Field Name:
owner_kind
Owner Name
Type: String
Description: The name of the resource that owns the pod
Field Name:
owner_name
Owner UID
Type: String
Description: The Spyderbat unique uid of the resource that owns the pod
Field Name:
owner_uid
Machine UID
Type: String
Description: The unique machine ID associated with this pod
Field Name:
muid
Role
UID
Type: String
Description: The unique Spyderbat ID for the role
Field Name:
id
Cluster UID
Type: String
Description: The unique Spyderbat id for the kubernetes cluster the role belongs to
Field Name:
cluster_uid
Cluster Name
Type: String
Description: The name of the kubernetes cluster the role belongs to
Field Name:
cluster_name
Schema
Type: String
Description: The Spyderbat schema for the role model
Field Name:
schema
Name
Type: String
Description: The kubernetes name for the role as reported in the metadata
Field Name:
metadata.name
Namespace
Type: String
Description: The kubernetes namespace for the role as reported in the metadata
Field Name:
metadata.namespace
Labels
Type: Dictionary of Strings to Strings
Description: The kubernetes labels for the role as reported in the metadata
Field Name:
metadata.labels
Kubernetes uid
Type: String
Description: The kubernetes unique id for the role as reported in the metadata
Field Name:
metadata.uid
Cluster Role
UID
Type: String
Description: The unique Spyderbat ID for the role
Field Name:
id
Cluster UID
Type: String
Description: The unique Spyderbat id for the kubernetes cluster the role belongs to
Field Name:
cluster_uid
Cluster Name
Type: String
Description: The name of the kubernetes cluster the role belongs to
Field Name:
cluster_name
Schema
Type: String
Description: The Spyderbat schema for the role model
Field Name:
schema
Name
Type: String
Description: The kubernetes name for the role as reported in the metadata
Field Name:
metadata.name
Labels
Type: Dictionary of Strings to Strings
Description: The kubernetes labels for the role as reported in the metadata
Field Name:
metadata.labels
Kubernetes uid
Type: String
Description: The kubernetes unique id for the role as reported in the metadata
Field Name:
metadata.uid
Service Account
UID
Type: String
Description: The unique Spyderbat ID for the service account
Field Name:
id
Cluster UID
Type: String
Description: The unique Spyderbat id for the kubernetes cluster the service account belongs to
Field Name:
cluster_uid
Cluster Name
Type: String
Description: The name of the kubernetes cluster the service account belongs to
Field Name:
cluster_name
Schema
Type: String
Description: The Spyderbat schema for the service account model
Field Name:
schema
Name
Type: String
Description: The kubernetes name for the service account as reported in the metadata
Field Name:
metadata.name
Namespace
Type: String
Description: The kubernetes namespace for the service account as reported in the metadata
Field Name:
metadata.namespace
Labels
Type: Dictionary of Strings to Strings
Description: The kubernetes labels for the service account as reported in the metadata
Field Name:
metadata.labels
Kubernetes uid
Type: String
Description: The kubernetes unique id for the service account as reported in the metadata
Field Name:
metadata.uid
Role Binding
UID
Type: String
Description: The unique Spyderbat ID for the rolebinding
Field Name:
id
Cluster UID
Type: String
Description: The unique Spyderbat id for the kubernetes cluster the rolebinding belongs to
Field Name:
cluster_uid
Cluster Name
Type: String
Description: The name of the kubernetes cluster the rolebinding belongs to
Field Name:
cluster_name
Schema
Type: String
Description: The Spyderbat schema for the rolebinding model
Field Name:
schema
Name
Type: String
Description: The kubernetes name for the rolebinding as reported in the metadata
Field Name:
metadata.name
Namespace
Type: String
Description: The kubernetes namespace for the rolebinding as reported in the metadata
Field Name:
metadata.namespace
Labels
Type: Dictionary of Strings to Strings
Description: The kubernetes labels for the rolebinding as reported in the metadata
Field Name:
metadata.labels
Kubernetes uid
Type: String
Description: The kubernetes unique id for the rolebinding as reported in the metadata
Field Name:
metadata.uid
Cluster Role Binding
UID
Type: String
Description: The unique Spyderbat ID for the clusterrolebinding
Field Name:
id
Cluster UID
Type: String
Description: The unique Spyderbat id for the kubernetes cluster the clusterrolebinding belongs to
Field Name:
cluster_uid
Cluster Name
Type: String
Description: The name of the kubernetes cluster the clusterrolebinding belongs to
Field Name:
cluster_name
Schema
Type: String
Description: The Spyderbat schema for the clusterrolebinding model
Field Name:
schema
Name
Type: String
Description: The kubernetes name for the clusterrolebinding as reported in the metadata
Field Name:
metadata.name
Labels
Type: Dictionary of Strings to Strings
Description: The kubernetes labels for the clusterrolebinding as reported in the metadata
Field Name:
metadata.labels
Kubernetes uid
Type: String
Description: The kubernetes unique id for the clusterrolebinding as reported in the metadata
Field Name:
metadata.uid
Listening Socket
UID
Type: String
Description: The unique Spyderbat ID for the listening socket.
Field Name:
id
Duration
Type: Number
Description: The duration of the model in seconds
Field Name:
duration
Local IP
Type: IP Address
Description: The local IP address, or originating address of the connection
Field Name:
local_ip
Local port
Type: Integer
Description: The local port of the connection
Field Name:
local_port
Machine UID
Type: String
Description: The unique machine ID associated with this model or event
Field Name:
muid
Process UIDs
Type: List of Strings
Description: The unique Spyderbat IDs for the associated processes to this socket
Field Name:
puids
Schema
Type: String
Description: The full schema string of the listening socket
Field Name:
schema
Status
Type: String
Description: Status of this model: closed or active
Field Name:
status
Connection
Bytes Received
Type: Integer
Description: The number of bytes received on the local side of the connection.
Field Name:
bytes_rx
Bytes Sent
Type: Integer
Description: The number of bytes sent to the remote side of the connection.
Field Name:
bytes_tx
Direction
Type: String
Description: The direction of the connection: "inbound", "outbound", or "unknown".
Field Name:
direction
Destination
Type: List of Strings
Description: The destinations of the connection (array, max 100 entries), each formatted as "ipv4|ipv6:remote_ip:remote_port".
Field Name:
dsts
Duration
Type: Number
Description: The duration of the connection model in seconds at time of last update.
Field Name:
duration
Family
Type: String
Description: Family: IPV4 or IPV6.
Field Name:
family
UID
Type: String
Description: The unique ID for this connection.
Field Name:
id
Local IP
Type: IP Address
Description: The local IP address, or originating address of the connection
Field Name:
local_ip
Local port
Type: Integer
Description: The local port of the connection
Field Name:
local_port
Machine UID
Type: String
Description: The unique ID of the machine associated with the connection.
Field Name:
muid
Container UID
Type: String
Description: The unique ID of the container associated with the connection.
Field Name:
container_uid
Payload
Type: String
Description: A string representation of the payload of the connection. For example, the domain name of a DNS request response.
Field Name:
payload
Peer connection UID
Type: String
Description: The unique ID of the peer remote connection if seen by Spyderbat.
Field Name:
peer_cuid
Peer machine UID
Type: String
Description: The unique ID of the peer connection's machine if seen by Spyderbat.
Field Name:
peer_muid
Peer process UID
Type: String
Description: The unique ID of the peer connection's process if seen by Spyderbat.
Field Name:
peer_puid
Process name
Type: String
Description: The name of the process associated with the connection.
Field Name:
proc_name
Process UIDs
Type: List of Strings
Description: The unique IDs of the process(es) associated with the connection.
Field Name:
puids
Remote IP
Type: IP Address
Description: The IP address on the remote side of the connection.
Field Name:
remote_ip
Remote port
Type: Integer
Description: The port number on the remote side of the connection.
Field Name:
remote_port
Remote hostname
Type: String
Description: The hostname on the remote side of the connection.
Field Name:
remote_hostname
Schema
Type: String
Description: The full schema of the connection.
Field Name:
schema
Sources
Type: List of Strings
Description: The objects that are the source of the connection (array, max 100 entries).
Field Name:
srcs
Spydertraces
Type: List of Strings
Description: The unique IDs of the spydertraces this connection is a part of.
Field Name:
traces
Status
Type: String
Description: Status of the connection: closed or active.
Field Name:
status
Machine
Cloud Image ID
Type: String
Description: If from a cloud provider, the image ID.
Field Name:
cloud_image_id
Cloud Instance ID
Type: String
Description: If from a cloud provider, the instance ID of the virtual machine.
Field Name:
cloud_instance_id
Cloud Region ID
Type: String
Description: If from a cloud provider, the region ID.
Field Name:
cloud_region
Cloud Type
Type: String
Description: If from a cloud provider, the type of cloud provider.
Field Name:
cloud_type
Cloud Tags
Type: Dictionary of Strings to Strings
Description: If from a cloud provider, the tags associated with the machine.
Field Name:
cloud_tags
CPU Model
Type: String
Description: The model of the CPU that is installed in the machine.
Field Name:
cpu_model
Boot Time
Type: Number
Description: The time at which the machine was booted.
Field Name:
boot_time
Duration
Type: Number
Description: The amount of time the machine has been running in seconds.
Field Name:
duration
Hostname
Type: String
Description: The hostname of the machine.
Field Name:
hostname
Public IP Address
Type: List of Strings
Description: The public IP addresses associated with the machine.
Field Name:
public_ip
UID
Type: String
Description: The unique ID for this machine.
Field Name:
id
CPU Architecture
Type: String
Description: The architecture of the CPU that is installed in the machine.
Field Name:
machine_processor
Kernel Modules
Type: List of Strings
Description: The list of kernel modules that are installed on the machine.
Field Name:
kernel_mods
Private IP Address
Type: List of Strings
Description: The private IP addresses associated with the machine.
Field Name:
private_ip
OS name
Type: String
Description: The name of the operating system installed on the machine.
Field Name:
os_name
OS Release
Type: String
Description: The release of the operating system installed on the machine.
Field Name:
os_release
OS Version
Type: String
Description: The version of the operating system installed on the machine.
Field Name:
os_version
OS System
Type: String
Description: The system of the operating system installed on the machine. Generally "linux".
Field Name:
os_system
Schema
Type: String
Description: The full schema of the machine.
Field Name:
schema
Fingerprint
UID
Type: String
Description: The unique Spyderbat ID for this model
Field Name:
id
Root Process UID
Type: String
Field Name:
root_puid
Machine UID
Type: String
Field Name:
muid
Schema
Type: String
Field Name:
schema
status
Type: String
Field Name:
status
cgroup
Type: String
Field Name:
cgroup
service_name
Type: String
Field Name:
service_name
image
Type: String
Field Name:
image
image_id
Type: String
Field Name:
image_id
container_name
Type: String
Field Name:
container_name
container_id
Type: String
Field Name:
container_id
Process
Arguments
Type: List of Strings
Description: The arguments specified when the process is started
Field Name:
args
Authenticated user
Type: String
Description: The authenticated user name
Field Name:
auser
Duration
Type: Number
Description: The duration of the model in seconds
Field Name:
duration
Ancestors
Type: List of Strings
Description: A list of the names of the ancestor processes
Field Name:
ancestors
Environment Variables
Type: Dictionary of Strings to Strings
Description: A map with the name and value of all environment variables set at the time of process creation
Field Name:
environ
Effective user
Type: String
Description: The effective user who created the process
Field Name:
euser
Executable
Type: String
Description: The pathname of the executable associated with the process
Field Name:
exe
Container
Type: String
Description: The container ID
Field Name:
container
Container UID
Type: String
Description: The Spyderbat ID for the container model, if any
Field Name:
container_uid
CGroup
Type: String
Description: The Cgroup, if any, associated with the process
Field Name:
cgroup
UID
Type: String
Description: The unique Spyderbat ID for this model
Field Name:
id
Thread
Type: Boolean
Description: Indicates that this process is a thread
Field Name:
thread
Interactive
Type: Boolean
Description: Specifies if the process is associated with a terminal, and indicates if there is a human user who likely created the process
Field Name:
interactive
Machine UID
Type: String
Description: The unique ID of the associated machine
Field Name:
muid
Organization UID
Type: String
Description: The unique ID of the Spyderbat organization that owns this data
Field Name:
org_uid
PID
Type: Integer
Description: The Unix process ID for this process
Field Name:
pid
Parent PID
Type: Integer
Description: Unix process ID for the parent of this process
Field Name:
ppid
Parent process UID
Type: String
Description: The unique Spyderbat ID of the parent process object
Field Name:
ppuid
Schema
Type: String
Description: The string model_process:...
Field Name:
schema
src_uid
Type: String
Field Name:
src_uid
Status
Type: String
Description: Status of this model: closed or active
Field Name:
status
Session UID
Type: String
Description: The Spyderbat UID for the associated session
Field Name:
suid
Traces
Type: List of Strings
Description: An array of Spyderbat UIDs for the traces associated with this process
Field Name:
traces