# All Fields ## **Redflag** ### **Ancestors** * *Type:* List of Strings * *Description:* If the reference object has ancestor processes, this is a list of their names. * *Field Name:* `ancestors` ### **Arguments** * *Type:* List of Strings * *Description:* If referencing a process, the arguments of the process that generated the red flag. * *Field Name:* `args` ### **Authenticated User Name** * *Type:* String * *Description:* If referencing a process, the authenticated user name of the process that generated the red flag. * *Field Name:* `auser` ### **Cluster Name** * *Type:* String * *Description:* If red flag is associated with a cluster, or a node of a cluster, this is the name of the cluster. * *Field Name:* `cluster_name` ### **Description** * *Type:* String * *Description:* The reason the red flag was generated. * *Field Name:* `description` ### **Effective User Name** * *Type:* String * *Description:* If referencing a process, the effective user name of the process that generated the red flag. * *Field Name:* `euser` ### **ID** * *Type:* String * *Description:* The unique ID of the red flag. * *Field Name:* `id` ### **Is Exception** * *Type:* Boolean * *Description:* Is the red flag marked as an exception? If so, the red flag was generated by expected activity. * *Field Name:* `false_positive` ### **Machine ID** * *Type:* String * *Description:* The unique machine ID associated with the red flag. Generally begins with "mach:". * *Field Name:* `muid` ### **Policy Name** * *Type:* String * *Description:* If the red flag is associated with a Guardian policy, this is the name of the policy. * *Field Name:* `policy_name` ### **Policy UID** * *Type:* String * *Description:* If the red flag is associated with a Guardian policy, this is the unique ID of the policy. * *Field Name:* `policy_uid` ### **Reference Object** * *Type:* String * *Description:* The unique ID of the object that the red flag is associated with. * *Field Name:* `ref` ### **Schema** * *Type:* String * *Description:* The full schema string of the red flag. * *Field Name:* `schema` ### **Severity** * *Type:* String * *Description:* The security level of the red flag. One of: info, low, medium, high, critical. * *Field Name:* `severity` ### **Spydertraces** * *Type:* List of Strings * *Description:* The unique IDs of the spydertraces that this red flag is a part of. * *Field Name:* `traces` ### **Uptime** * *Type:* Number * *Description:* The uptime of the object referenced by the redflag. * *Field Name:* `uptime` ## **Opsflag** ### **Agent Type** * *Type:* String * *Description:* The type of agent that generated an opsflag. Used with agent-related opsflags. * *Field Name:* `agent_type` ### **Ancestors** * *Type:* List of Strings * *Description:* If the reference object has ancestor processes, this is a list of their names. * *Field Name:* `ancestors` ### **Arguments** * *Type:* List of Strings * *Description:* If referencing a process, the arguments of the process that generated the ops flag. * *Field Name:* `args` ### **Authenticated User Name** * *Type:* String * *Description:* If referencing a process, the authenticated user name of the process that generated the ops flag. * *Field Name:* `auser` ### **Cluster Name** * *Type:* String * *Description:* The name of the cluster associated with an opsflag. * *Field Name:* `cluster_name` ### **Description** * *Type:* String * *Description:* The reason the ops flag was generated. * *Field Name:* `description` ### **Effective User Name** * *Type:* String * *Description:* If referencing a process, the effective user name of the process that generated the ops flag. * *Field Name:* `euser` ### **False positive** * *Type:* Boolean * *Description:* Is the opsflag a false positive? * *Field Name:* `false_positive` ### **Hostname** * *Type:* String * *Description:* The hostname of the machine associated with an opsflag. * *Field Name:* `hostname` ### **Is Ephemeral** * *Type:* Boolean * *Description:* Is the reference object ephemeral? Used with agent-related opsflags. * *Field Name:* `ephemeral` ### **Machine ID** * *Type:* String * *Description:* The unique machine ID associated with the ops flag. Generally begins with 'mach:'. * *Field Name:* `muid` ### **Reference Object** * *Type:* String * *Description:* The unique ID of the object that the ops flag is associated with. * *Field Name:* `ref` ### **Schema** * *Type:* String * *Description:* The full schema string of the ops flag. * *Field Name:* `schema` ### **Severity** * *Type:* String * *Description:* The alert level of the ops flag. One of: info, low, medium, high, critical. * *Field Name:* `severity` ### **UID** * *Type:* String * *Description:* The unique ID of the ops flag. * *Field Name:* `id` ### **Uptime** * *Type:* Number * *Description:* The uptime of the object referenced by the ops flag. * *Field Name:* `uptime` ## **Spydertrace** ### **Interactive Users** * *Type:* List of Strings * *Description:* The list of interactive users associated with the spydertrace. * *Field Name:* `interactive_users` ### **Is Interactive** * *Type:* Boolean * *Description:* Is the spydertrace interactive? Interactive spydertraces are associated with interactive user processes. * *Field Name:* `interactive` ### **Is Overtaken** * *Type:* Boolean * *Description:* Has the spydertrace been overtaken by another spydertrace? It is best to set this to false because the overtaking trace contains all of the overtaken trace. * *Field Name:* `overtaken` ### **Is Suppressed** * *Type:* Boolean * *Description:* Is the spydertrace suppressed? Suppressed spydertraces are associated with expected activity. * *Field Name:* `suppressed` ### **Machine UID** * *Type:* String * *Description:* The unique machine ID associated with the spydertrace. Generally begins with "mach:". * *Field Name:* `muid` ### **Name** * *Type:* String * *Description:* The name of the spydertrace. * *Field Name:* `name` ### **Non-Interactive Users** * *Type:* List of Strings * *Description:* The list of non-interactive users associated with the spydertrace. * *Field Name:* `non_interactive_users` ### **Root Process Name** * *Type:* String * *Description:* Name of the root process of the spydertrace. * *Field Name:* `root_proc_name` ### **Schema** * *Type:* String * *Description:* The full schema string of the spydertrace. * *Field Name:* `schema` ### **Score** * *Type:* Integer * *Description:* A score ranking the severity of the spydertrace. * *Field Name:* `score` ### **Status** * *Type:* String * *Description:* Status of the spydertrace: closed or active. * *Field Name:* `status` ### **Trigger** * *Type:* String * *Description:* The unique ID for the object that triggered the spydertrace's creation. * *Field Name:* `trigger` ### **Trigger Short Name** * *Type:* String * *Description:* Short name for the object that triggered the spydertrace. * *Field Name:* `trigger_short_name` ### **UID** * *Type:* String * *Description:* The unique ID of the spydertrace. * *Field Name:* `id` ## **Container** [Link to Related Objects](/reference/search/search-joins.md#container) ### **Cluster Name** * *Type:* String * *Description:* The name of the kubernetes cluster the container is a part of * *Field Name:* `clustername` ### **Cluster UID** * *Type:* String * *Description:* The unique Spyderbat ID for the kubernetes cluster the container is a part of * *Field Name:* `cluster_uid` ### **Container ID** * *Type:* String * *Description:* The long identifier of the container as reported by the container runtime * *Field Name:* `container_id` ### **Container Name** * *Type:* String * *Description:* The name of the container as reported by the container runtime * *Field Name:* `container_name` ### **Image** * *Type:* String * *Description:* The fully qualified name of the image used to create the container * *Field Name:* `image` ### **Image ID** * *Type:* String * *Description:* The identifier of the image used to create the container * *Field Name:* `image_id` ### **Machine UID** * *Type:* String * *Description:* The unique spyderbat machine ID the container is running on * *Field Name:* `muid` ### **Pod Labels** * *Type:* Dictionary of Strings to Strings * *Description:* The kubernetes labels for the pod the container is a part of * *Field Name:* `pod_labels` ### **Pod Name** * *Type:* String * *Description:* The name of the kubernetes pod the container is a part of * *Field Name:* `pod_name` ### **Pod Namespace** * *Type:* String * *Description:* The namespace of the kubernetes pod the container is a part of * *Field Name:* `pod_namespace` ### **Pod Namespace Labels** * *Type:* Dictionary of Strings to Strings * *Description:* The labels for the namespace of the kubernetes pod the container is a part of * *Field Name:* `pod_namespace_labels` ### **Pod UID** * *Type:* String * *Description:* The unique Spyderbat ID for the kubernetes pod the container is a part of * *Field Name:* `pod_uid` ### **Root process UID** * *Type:* String * *Description:* The spyderbat ID of the root process running in the container * *Field Name:* `root_puid` ### **Schema** * *Type:* String * *Description:* The Spyderbat schema for the container model * *Field Name:* `schema` ### **UID** * *Type:* String * *Description:* The unique Spyderbat ID for the container * *Field Name:* `id` ### **node\_uid** * *Type:* String * *Field Name:* `node_uid` ## **Cluster** [Link to Related Objects](/reference/search/search-joins.md#cluster-1) ### **Name** * *Type:* String * *Description:* The name assigned to the cluster at spyderbat provisioning time * *Field Name:* `name` ### **Schema** * *Type:* String * *Description:* The Spyderbat schema for the cluster model * *Field Name:* `schema` ### **UID** * *Type:* String * *Description:* The unique Spyderbat ID for the cluster * *Field Name:* `id` ## **Node** [Link to Related Objects](/reference/search/search-joins.md#node-1) ### **Cluster Name** * *Type:* String * *Description:* The name of the kubernetes cluster the node belongs to * *Field Name:* `cluster_name` ### **Cluster UID** * *Type:* String * *Description:* The unique Spyderbat ID for the kubernetes cluster the node belongs to * *Field Name:* `cluster_uid` ### **Kubernetes uid** * *Type:* String * *Description:* The kubernetes unique id for the node as reported in the metadata * *Field Name:* `metadata.uid` ### **Labels** * *Type:* Dictionary of Strings to Strings * *Description:* The kubernetes labels for the node as reported in the metadata * *Field Name:* `metadata.labels` ### **Machine UID** * *Type:* String * *Description:* The unique Spyderbat machine ID for the node * *Field Name:* `muid` ### **Name** * *Type:* String * *Description:* The kubernetes name for the node as reported in the metadata * *Field Name:* `metadata.name` ### **Schema** * *Type:* String * *Description:* The Spyderbat schema for the node model * *Field Name:* `schema` ### **UID** * *Type:* String * *Description:* The unique Spyderbat ID for this model * *Field Name:* `id` ## **Deployment** [Link to Related Objects](/reference/search/search-joins.md#deployment) ### **Cluster Name** * *Type:* String * *Description:* The name of the kubernetes cluster the deployment belongs to * *Field Name:* `cluster_name` ### **Cluster UID** * *Type:* String * *Description:* The unique Spyderbat id for the kubernetes cluster the deployment belongs to * *Field Name:* `cluster_uid` ### **Kubernetes uid** * *Type:* String * *Description:* The kubernetes unique id for the deployment as reported in the metadata * *Field Name:* `metadata.uid` ### **Labels** * *Type:* Dictionary of Strings to Strings * *Description:* The kubernetes labels for the deployment as reported in the metadata * *Field Name:* `metadata.labels` ### **Name** * *Type:* String * *Description:* The kubernetes name for the deployment as reported in the metadata * *Field Name:* `metadata.name` ### **Namespace** * *Type:* String * *Description:* The kubernetes namespace for the deployment as reported in the metadata * *Field Name:* `metadata.namespace` ### **Schema** * *Type:* String * *Description:* The Spyderbat schema for the deployment model * *Field Name:* `schema` ### **UID** * *Type:* String * *Description:* The unique Spyderbat ID for the deployment * *Field Name:* `id` ## **Replicaset** [Link to Related Objects](/reference/search/search-joins.md#replicaset) ### **Cluster Name** * *Type:* String * *Description:* The name of the kubernetes cluster the replicaset belongs to * *Field Name:* `cluster_name` ### **Cluster UID** * *Type:* String * *Description:* The unique Spyderbat id for the kubernetes cluster the replicaset belongs to * *Field Name:* `cluster_uid` ### **Deployment name** * *Type:* String * *Description:* The name for the deployment the replicaset is owned by (if replicaset is owned by a deployment) * *Field Name:* `deployment_name` ### **Deployment uid** * *Type:* String * *Description:* The Spyderbat unique id for the deployment the replicaset is owned by (if replicaset is owned by a deployment) * *Field Name:* `deployment_uid` ### **Kubernetes uid** * *Type:* String * *Description:* The kubernetes unique id for the replicaset as reported in the metadata * *Field Name:* `metadata.uid` ### **Labels** * *Type:* Dictionary of Strings to Strings * *Description:* The kubernetes labels for the replicaset as reported in the metadata * *Field Name:* `metadata.labels` ### **Name** * *Type:* String * *Description:* The kubernetes name for the replicaset as reported in the metadata * *Field Name:* `metadata.name` ### **Namespace** * *Type:* String * *Description:* The kubernetes namespace for the replicaset as reported in the metadata * *Field Name:* `metadata.namespace` ### **Schema** * *Type:* String * *Description:* The Spyderbat schema for the replicaset model * *Field Name:* `schema` ### **UID** * *Type:* String * *Description:* The unique Spyderbat ID for the replicaset * *Field Name:* `id` ## **Daemonset** [Link to Related Objects](/reference/search/search-joins.md#daemonset) ### **Cluster Name** * *Type:* String * *Description:* The name of the kubernetes cluster the daemonset belongs to * *Field Name:* `cluster_name` ### **Cluster UID** * *Type:* String * *Description:* The unique Spyderbat id for the kubernetes cluster the daemonset belongs to * *Field Name:* `cluster_uid` ### **Kubernetes uid** * *Type:* String * *Description:* The kubernetes unique id for the daemonset as reported in the metadata * *Field Name:* `metadata.uid` ### **Labels** * *Type:* Dictionary of Strings to Strings * *Description:* The kubernetes labels for the daemonset as reported in the metadata * *Field Name:* `metadata.labels` ### **Name** * *Type:* String * *Description:* The kubernetes name for the daemonset as reported in the metadata * *Field Name:* `metadata.name` ### **Namespace** * *Type:* String * *Description:* The kubernetes namespace for the daemonset as reported in the metadata * *Field Name:* `metadata.namespace` ### **Schema** * *Type:* String * *Description:* The Spyderbat schema for the daemonset model * *Field Name:* `schema` ### **UID** * *Type:* String * *Description:* The unique Spyderbat ID for the daemonset * *Field Name:* `id` ## **Job** [Link to Related Objects](/reference/search/search-joins.md#job) ### **Cluster Name** * *Type:* String * *Description:* The name of the kubernetes cluster the job belongs to * *Field Name:* `cluster_name` ### **Cluster UID** * *Type:* String * *Description:* The unique Spyderbat id for the kubernetes cluster the job belongs to * *Field Name:* `cluster_uid` ### **Kubernetes uid** * *Type:* String * *Description:* The kubernetes unique id for the job as reported in the metadata * *Field Name:* `metadata.uid` ### **Labels** * *Type:* Dictionary of Strings to Strings * *Description:* The kubernetes labels for the job as reported in the metadata * *Field Name:* `metadata.labels` ### **Name** * *Type:* String * *Description:* The kubernetes name for the job as reported in the metadata * *Field Name:* `metadata.name` ### **Namespace** * *Type:* String * *Description:* The kubernetes namespace for the job as reported in the metadata * *Field Name:* `metadata.namespace` ### **Schema** * *Type:* String * *Description:* The Spyderbat schema for the job model * *Field Name:* `schema` ### **UID** * *Type:* String * *Description:* The unique Spyderbat ID for the job * *Field Name:* `id` ## **Cronjob** [Link to Related Objects](/reference/search/search-joins.md#cronjob) ### **Cluster Name** * *Type:* String * *Description:* The name of the kubernetes cluster the cronjob belongs to * *Field Name:* `cluster_name` ### **Cluster UID** * *Type:* String * *Description:* The unique Spyderbat id for the kubernetes cluster the cronjob belongs to * *Field Name:* `cluster_uid` ### **Kubernetes uid** * *Type:* String * *Description:* The kubernetes unique id for the cronjob as reported in the metadata * *Field Name:* `metadata.uid` ### **Labels** * *Type:* Dictionary of Strings to Strings * *Description:* The kubernetes labels for the cronjob as reported in the metadata * *Field Name:* `metadata.labels` ### **Name** * *Type:* String * *Description:* The kubernetes name for the cronjob as reported in the metadata * *Field Name:* `metadata.name` ### **Namespace** * *Type:* String * *Description:* The kubernetes namespace for the cronjob as reported in the metadata * *Field Name:* `metadata.namespace` ### **Schema** * *Type:* String * *Description:* The Spyderbat schema for the cronjob model * *Field Name:* `schema` ### **UID** * *Type:* String * *Description:* The unique Spyderbat ID for the cronjob * *Field Name:* `id` ## **Statefulset** [Link to Related Objects](/reference/search/search-joins.md#statefulset) ### **Cluster Name** * *Type:* String * *Description:* The name of the kubernetes cluster the statefulset belongs to * *Field Name:* `cluster_name` ### **Cluster UID** * *Type:* String * *Description:* The unique Spyderbat id for the kubernetes cluster the statefulset belongs to * *Field Name:* `cluster_uid` ### **Kubernetes uid** * *Type:* String * *Description:* The kubernetes unique id for the statefulset as reported in the metadata * *Field Name:* `metadata.uid` ### **Labels** * *Type:* Dictionary of Strings to Strings * *Description:* The kubernetes labels for the statefulset as reported in the metadata * *Field Name:* `metadata.labels` ### **Name** * *Type:* String * *Description:* The kubernetes name for the statefulset as reported in the metadata * *Field Name:* `metadata.name` ### **Namespace** * *Type:* String * *Description:* The kubernetes namespace for the statefulset as reported in the metadata * *Field Name:* `metadata.namespace` ### **Schema** * *Type:* String * *Description:* The Spyderbat schema for the statefulset model * *Field Name:* `schema` ### **UID** * *Type:* String * *Description:* The unique Spyderbat ID for the statefulset * *Field Name:* `id` ## **Service** [Link to Related Objects](/reference/search/search-joins.md#service) ### **Cluster Name** * *Type:* String * *Description:* The name of the kubernetes cluster the service belongs to * *Field Name:* `cluster_name` ### **Cluster UID** * *Type:* String * *Description:* The unique Spyderbat id for the kubernetes cluster the service belongs to * *Field Name:* `cluster_uid` ### **Kubernetes uid** * *Type:* String * *Description:* The kubernetes unique id for the service as reported in the metadata * *Field Name:* `metadata.uid` ### **Labels** * *Type:* Dictionary of Strings to Strings * *Description:* The kubernetes labels for the service as reported in the metadata * *Field Name:* `metadata.labels` ### **Name** * *Type:* String * *Description:* The kubernetes name for the service as reported in the metadata * *Field Name:* `metadata.name` ### **Namespace** * *Type:* String * *Description:* The kubernetes namespace for the service as reported in the metadata * *Field Name:* `metadata.namespace` ### **Schema** * *Type:* String * *Description:* The Spyderbat schema for the service model * *Field Name:* `schema` ### **UID** * *Type:* String * *Description:* The unique Spyderbat ID for the service * *Field Name:* `id` ## **Pod** [Link to Related Objects](/reference/search/search-joins.md#pod-1) ### **Cluster Name** * *Type:* String * *Description:* The name of the kubernetes cluster the pod belongs to * *Field Name:* `cluster_name` ### **Cluster UID** * *Type:* String * *Description:* The unique Spyderbat id for the kubernetes cluster the pod belongs to * *Field Name:* `cluster_uid` ### **Deployment UID** * *Type:* String * *Description:* The spyderbat unique id for the deployment the pod is associated with * *Field Name:* `deployment_uid` ### **Deployment name** * *Type:* String * *Description:* The name of the deployment the pod is associated with * *Field Name:* `deployment_name` ### **Kubernetes uid** * *Type:* String * *Description:* The kubernetes unique id for the pod as reported in the metadata * *Field Name:* `metadata.uid` ### **Labels** * *Type:* Dictionary of Strings to Strings * *Description:* The kubernetes labels for the pod as reported in the metadata * *Field Name:* `metadata.labels` ### **Machine UID** * *Type:* String * *Description:* The unique machine ID associated with this pod * *Field Name:* `muid` ### **Name** * *Type:* String * *Description:* The kubernetes name for the pod as reported in the metadata * *Field Name:* `metadata.name` ### **Namespace** * *Type:* String * *Description:* The kubernetes namespace for the pod as reported in the metadata * *Field Name:* `metadata.namespace` ### **Node UID** * *Type:* String * *Description:* The spyderbat unique id for the node the pod is running on * *Field Name:* `node_uid` ### **Owner Kind** * *Type:* String * *Description:* The kind of the resource that owns the pod * *Field Name:* `owner_kind` ### **Owner Name** * *Type:* String * *Description:* The name of the resource that owns the pod * *Field Name:* `owner_name` ### **Owner UID** * *Type:* String * *Description:* The Spyderbat unique uid of the resource that owns the pod * *Field Name:* `owner_uid` ### **Schema** * *Type:* String * *Description:* The Spyderbat schema for the pod model * *Field Name:* `schema` ### **UID** * *Type:* String * *Description:* The unique Spyderbat ID for the pod * *Field Name:* `id` ## **Role** ### **Cluster Name** * *Type:* String * *Description:* The name of the kubernetes cluster the role belongs to * *Field Name:* `cluster_name` ### **Cluster UID** * *Type:* String * *Description:* The unique Spyderbat id for the kubernetes cluster the role belongs to * *Field Name:* `cluster_uid` ### **Kubernetes uid** * *Type:* String * *Description:* The kubernetes unique id for the role as reported in the metadata * *Field Name:* `metadata.uid` ### **Labels** * *Type:* Dictionary of Strings to Strings * *Description:* The kubernetes labels for the role as reported in the metadata * *Field Name:* `metadata.labels` ### **Name** * *Type:* String * *Description:* The kubernetes name for the role as reported in the metadata * *Field Name:* `metadata.name` ### **Namespace** * *Type:* String * *Description:* The kubernetes namespace for the role as reported in the metadata * *Field Name:* `metadata.namespace` ### **Schema** * *Type:* String * *Description:* The Spyderbat schema for the role model * *Field Name:* `schema` ### **UID** * *Type:* String * *Description:* The unique Spyderbat ID for the role * *Field Name:* `id` ## **Cluster Role** ### **Cluster Name** * *Type:* String * *Description:* The name of the kubernetes cluster the role belongs to * *Field Name:* `cluster_name` ### **Cluster UID** * *Type:* String * *Description:* The unique Spyderbat id for the kubernetes cluster the role belongs to * *Field Name:* `cluster_uid` ### **Kubernetes uid** * *Type:* String * *Description:* The kubernetes unique id for the role as reported in the metadata * *Field Name:* `metadata.uid` ### **Labels** * *Type:* Dictionary of Strings to Strings * *Description:* The kubernetes labels for the role as reported in the metadata * *Field Name:* `metadata.labels` ### **Name** * *Type:* String * *Description:* The kubernetes name for the role as reported in the metadata * *Field Name:* `metadata.name` ### **Schema** * *Type:* String * *Description:* The Spyderbat schema for the role model * *Field Name:* `schema` ### **UID** * *Type:* String * *Description:* The unique Spyderbat ID for the role * *Field Name:* `id` ## **Service Account** ### **Cluster Name** * *Type:* String * *Description:* The name of the kubernetes cluster the service account belongs to * *Field Name:* `cluster_name` ### **Cluster UID** * *Type:* String * *Description:* The unique Spyderbat id for the kubernetes cluster the service account belongs to * *Field Name:* `cluster_uid` ### **Kubernetes uid** * *Type:* String * *Description:* The kubernetes unique id for the service account as reported in the metadata * *Field Name:* `metadata.uid` ### **Labels** * *Type:* Dictionary of Strings to Strings * *Description:* The kubernetes labels for the service account as reported in the metadata * *Field Name:* `metadata.labels` ### **Name** * *Type:* String * *Description:* The kubernetes name for the service account as reported in the metadata * *Field Name:* `metadata.name` ### **Namespace** * *Type:* String * *Description:* The kubernetes namespace for the service account as reported in the metadata * *Field Name:* `metadata.namespace` ### **Schema** * *Type:* String * *Description:* The Spyderbat schema for the service account model * *Field Name:* `schema` ### **UID** * *Type:* String * *Description:* The unique Spyderbat ID for the service account * *Field Name:* `id` ## **Role Binding** ### **Cluster Name** * *Type:* String * *Description:* The name of the kubernetes cluster the rolebinding belongs to * *Field Name:* `cluster_name` ### **Cluster UID** * *Type:* String * *Description:* The unique Spyderbat id for the kubernetes cluster the rolebinding belongs to * *Field Name:* `cluster_uid` ### **Kubernetes uid** * *Type:* String * *Description:* The kubernetes unique id for the rolebinding as reported in the metadata * *Field Name:* `metadata.uid` ### **Labels** * *Type:* Dictionary of Strings to Strings * *Description:* The kubernetes labels for the rolebinding as reported in the metadata * *Field Name:* `metadata.labels` ### **Name** * *Type:* String * *Description:* The kubernetes name for the rolebinding as reported in the metadata * *Field Name:* `metadata.name` ### **Namespace** * *Type:* String * *Description:* The kubernetes namespace for the rolebinding as reported in the metadata * *Field Name:* `metadata.namespace` ### **Schema** * *Type:* String * *Description:* The Spyderbat schema for the rolebinding model * *Field Name:* `schema` ### **UID** * *Type:* String * *Description:* The unique Spyderbat ID for the rolebinding * *Field Name:* `id` ## **Cluster Role Binding** ### **Cluster Name** * *Type:* String * *Description:* The name of the kubernetes cluster the clusterrolebinding belongs to * *Field Name:* `cluster_name` ### **Cluster UID** * *Type:* String * *Description:* The unique Spyderbat id for the kubernetes cluster the clusterrolebinding belongs to * *Field Name:* `cluster_uid` ### **Kubernetes uid** * *Type:* String * *Description:* The kubernetes unique id for the clusterrolebinding as reported in the metadata * *Field Name:* `metadata.uid` ### **Labels** * *Type:* Dictionary of Strings to Strings * *Description:* The kubernetes labels for the clusterrolebinding as reported in the metadata * *Field Name:* `metadata.labels` ### **Name** * *Type:* String * *Description:* The kubernetes name for the clusterrolebinding as reported in the metadata * *Field Name:* `metadata.name` ### **Schema** * *Type:* String * *Description:* The Spyderbat schema for the clusterrolebinding model * *Field Name:* `schema` ### **UID** * *Type:* String * *Description:* The unique Spyderbat ID for the clusterrolebinding * *Field Name:* `id` ## **Listening Socket** ### **Duration** * *Type:* Number * *Description:* The duration of the model in seconds * *Field Name:* `duration` ### **Local IP** * *Type:* IP Address * *Description:* The local IP address, or originating address of the connection * *Field Name:* `local_ip` ### **Local port** * *Type:* Integer * *Description:* The local port of the connection * *Field Name:* `local_port` ### **Machine UID** * *Type:* String * *Description:* The unique machine ID associated with this model or event * *Field Name:* `muid` ### **Process UIDs** * *Type:* List of Strings * *Description:* The unique Spyderbat IDs for the associated processes to this socket * *Field Name:* `puids` ### **Schema** * *Type:* String * *Description:* The full schema string of the listening socket * *Field Name:* `schema` ### **Status** * *Type:* String * *Description:* Status of this model: closed or active * *Field Name:* `status` ### **UID** * *Type:* String * *Description:* The unique Spyderbat ID for the listening socket. * *Field Name:* `id` ## **Connection** [Link to Related Objects](/reference/search/search-joins.md#connection) ### **Bytes Received** * *Type:* Integer * *Description:* The number of bytes received on the local side of the connection. * *Field Name:* `bytes_rx` ### **Bytes Sent** * *Type:* Integer * *Description:* The number of bytes sent on to the remote side of the connection. * *Field Name:* `bytes_tx` ### **Cgroup** * *Type:* String * *Description:* The latest cgroup associated with the connection. * *Field Name:* `cgroup` ### **Container UID** * *Type:* String * *Description:* The unique ID of the container associated with the connection. * *Field Name:* `container_uid` ### **Destination** * *Type:* List of Strings * *Description:* The destinations of the connection (max 100 array). "ipv4|ipv6:remote\_ip:remote\_port". * *Field Name:* `dsts` ### **Direction** * *Type:* String * *Description:* The direction of the connection: "inbound", "outbound", or "unknown". * *Field Name:* `direction` ### **Duration** * *Type:* Number * *Description:* The duration of the connection model in seconds at time of last update. * *Field Name:* `duration` ### **Family** * *Type:* String * *Description:* Family: IPV4 or IPV6. * *Field Name:* `family` ### **Local IP** * *Type:* IP Address * *Description:* The local IP address, or originating address of the connection * *Field Name:* `local_ip` ### **Local port** * *Type:* Integer * *Description:* The local port of the connection * *Field Name:* `local_port` ### **Machine UID** * *Type:* String * *Description:* The unique ID of the machine associated with the connection. * *Field Name:* `muid` ### **Payload** * *Type:* String * *Description:* A string representation of the payload of the connection. For example, the domain name of a DNS request response. * *Field Name:* `payload` ### **Peer connection UID** * *Type:* String * *Description:* The unique ID of the peer remote connection if seen by Spyderbat. * *Field Name:* `peer_cuid` ### **Peer machine UID** * *Type:* String * *Description:* The unique ID of the peer connection's machine if seen by Spyderbat. * *Field Name:* `peer_muid` ### **Peer process UID** * *Type:* String * *Description:* The unique ID of the peer connection's process if seen by Spyderbat. * *Field Name:* `peer_puid` ### **Process UID** * *Type:* String * *Description:* The unique ID of the latest process associated with the connection. * *Field Name:* `puid` ### **Process UIDs** * *Type:* List of Strings * *Description:* The unique IDs of the process(es) associated with the connection. * *Field Name:* `puids` ### **Process name** * *Type:* String * *Description:* The name of the process associated with the connection. * *Field Name:* `proc_name` ### **Remote IP** * *Type:* IP Address * *Description:* The IP address on the remote side of the connection. * *Field Name:* `remote_ip` ### **Remote hostname** * *Type:* String * *Description:* The hostname on the remote side of the connection. * *Field Name:* `remote_hostname` ### **Remote port** * *Type:* Integer * *Description:* The port number on the remote side of the connection. * *Field Name:* `remote_port` ### **Schema** * *Type:* String * *Description:* The full schema of the connection. * *Field Name:* `schema` ### **Sources** * *Type:* List of Strings * *Description:* The objects that are the source of the connection (max 100 array). * *Field Name:* `srcs` ### **Spydertraces** * *Type:* List of Strings * *Description:* The unique IDs of the spydertraces this connection is a part of. * *Field Name:* `traces` ### **Status** * *Type:* String * *Description:* Status of the connection: closed or active. * *Field Name:* `status` ### **UID** * *Type:* String * *Description:* The unique ID for this connection. * *Field Name:* `id` ## **Machine** [Link to Related Objects](/reference/search/search-joins.md#machine-3) ### **Boot Time** * *Type:* Number * *Description:* The time at which the machine was booted. * *Field Name:* `boot_time` ### **CPU Architecture** * *Type:* String * *Description:* The architecture of the CPU that is installed in the machine. * *Field Name:* `machine_processor` ### **CPU Model** * *Type:* String * *Description:* The model of the CPU that is installed in the machine. * *Field Name:* `cpu_model` ### **Cloud Image ID** * *Type:* String * *Description:* If from a cloud provider, the image ID. * *Field Name:* `cloud_image_id` ### **Cloud Instance ID** * *Type:* String * *Description:* If from a cloud provider, the instance ID of the virtual machine. * *Field Name:* `cloud_instance_id` ### **Cloud Region ID** * *Type:* String * *Description:* If from a cloud provider, the region ID. * *Field Name:* `cloud_region` ### **Cloud Tags** * *Type:* Dictionary of Strings to Strings * *Description:* If from a cloud provider, the tags associated with the machine. * *Field Name:* `cloud_tags` ### **Cloud Type** * *Type:* String * *Description:* If from a cloud provider, the type of cloud provider. * *Field Name:* `cloud_type` ### **Cluster Name** * *Type:* String * *Description:* The name of the cluster the machine is associated with. * *Field Name:* `cluster_name` ### **Duration** * *Type:* Number * *Description:* The amount of time the machine has been running in seconds. * *Field Name:* `duration` ### **Hostname** * *Type:* String * *Description:* The hostname of the machine. * *Field Name:* `hostname` ### **Kernel Modules** * *Type:* List of Strings * *Description:* The list of kernel modules that are installed on the machine. * *Field Name:* `kernel_mods` ### **OS Release** * *Type:* String * *Description:* The release of the operating system installed on the machine. * *Field Name:* `os_release` ### **OS System** * *Type:* String * *Description:* The system of the operating system installed on the machine. Generally "linux". * *Field Name:* `os_system` ### **OS Version** * *Type:* String * *Description:* The version of the operating system installed on the machine. * *Field Name:* `os_version` ### **OS name** * *Type:* String * *Description:* The name of the operating system installed on the machine. * *Field Name:* `os_name` ### **Private IP Address** * *Type:* List of Strings * *Description:* The private IP addresses associated with the machine. * *Field Name:* `private_ip` ### **Public IP Address** * *Type:* List of Strings * *Description:* The public IP addresses associated with the machine. * *Field Name:* `public_ip` ### **Schema** * *Type:* String * *Description:* The full schema of the machine. * *Field Name:* `schema` ### **UID** * *Type:* String * *Description:* The unique ID for this machine. * *Field Name:* `id` ## **Fingerprint** ### **status** * *Type:* String * *Field Name:* `status` ### **cgroup** * *Type:* String * *Field Name:* `cgroup` ### **service\_name** * *Type:* String * *Field Name:* `service_name` ### **image** * *Type:* String * *Field Name:* `image` ### **image\_id** * *Type:* String * *Field Name:* `image_id` ### **container\_name** * *Type:* String * *Field Name:* `container_name` ### **container\_id** * *Type:* String * *Field Name:* `container_id` ### **Machine UID** * *Type:* String * *Field Name:* `muid` ### **Root Process UID** * *Type:* String * *Field Name:* `root_puid` ### **Schema** * *Type:* String * *Field Name:* `schema` ### **UID** * *Type:* String * *Description:* The unique Spyderbat ID for this model * *Field Name:* `id` ## **Process** [Link to Related Objects](/reference/search/search-joins.md#process) ### **src\_uid** * *Type:* String * *Field Name:* `src_uid` ### **Ancestors** * *Type:* List of Strings * *Description:* A list of the names of the ancestor processes * *Field Name:* `ancestors` ### **Arguments** * *Type:* List of Strings * *Description:* The arguments specified when the process is started * *Field Name:* `args` ### **Authenticated user** * *Type:* String * *Description:* The authenticated user name * *Field Name:* `auser` ### **CGroup** * *Type:* String * *Description:* The Cgroup, if any, associated with the process * *Field Name:* `cgroup` ### **Container** * *Type:* String * *Description:* The container ID * *Field Name:* `container` ### **Container UID** * *Type:* String * *Description:* The spyderbat ID for the container model, if any * *Field Name:* `container_uid` ### **Duration** * *Type:* Number * *Description:* The duration of the model in seconds * *Field Name:* `duration` ### **Effective user** * *Type:* String * *Description:* The effective user who created the process * *Field Name:* `euser` ### **Environment Variables** * *Type:* Dictionary of Strings to Strings * *Description:* A map with the name and value of all environment variables set at the time of process creation * *Field Name:* `environ` ### **Executable** * *Type:* String * *Description:* The pathname of the executable associated with the process * *Field Name:* `exe` ### **Interactive** * *Type:* Boolean * *Description:* Specifies if the process is associated with a terminal, and indicates if there is a human user who likely created the process * *Field Name:* `interactive` ### **Machine UID** * *Type:* String * *Description:* The unique ID of the associated machine * *Field Name:* `muid` ### **Name** * *Type:* String * *Description:* The name of the process * *Field Name:* `name` ### **Organization UID** * *Type:* String * *Description:* The unique ID of the Spyderbat organization that owns this data * *Field Name:* `org_uid` ### **PID** * *Type:* Integer * *Description:* The Unix process ID for this process * *Field Name:* `pid` ### **Parent PID** * *Type:* Integer * *Description:* Unix process ID for the parent of this process * *Field Name:* `ppid` ### **Parent process UID** * *Type:* String * *Description:* The unique Spyderbat ID of the parent process object * *Field Name:* `ppuid` ### **Schema** * *Type:* String * *Description:* The string model\_process:... * *Field Name:* `schema` ### **Session UID** * *Type:* String * *Description:* The Spyderbat UID for the associated session * *Field Name:* `suid` ### **Status** * *Type:* String * *Description:* Status of this model: closed or active * *Field Name:* `status` ### **Thread** * *Type:* Boolean * *Description:* Indicates that this process is a thread * *Field Name:* `thread` ### **Traces** * *Type:* List of Strings * *Description:* An array of Spyderbat UID for traces associated with this process * *Field Name:* `traces` ### **UID** * *Type:* String * *Description:* The unique Spyderbat ID for this model * *Field Name:* `id` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.spyderbat.com/reference/search/search-fields.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.