feat(securitycenter): update the api
#### securitycenter:v1

The following keys were added:
- schemas.Detection (Total Keys: 5)
- schemas.Indicator.properties.signatures (Total Keys: 2)
- schemas.MemoryHashSignature (Total Keys: 5)
- schemas.Process.properties.name.type (Total Keys: 1)
- schemas.ProcessSignature (Total Keys: 4)
- schemas.YaraRuleSignature (Total Keys: 3)

#### securitycenter:v1beta1

The following keys were added:
- schemas.Detection (Total Keys: 5)
- schemas.Indicator.properties.signatures (Total Keys: 2)
- schemas.MemoryHashSignature (Total Keys: 5)
- schemas.Process.properties.name.type (Total Keys: 1)
- schemas.ProcessSignature (Total Keys: 4)
- schemas.YaraRuleSignature (Total Keys: 3)

#### securitycenter:v1beta2

The following keys were added:
- schemas.Detection (Total Keys: 5)
- schemas.Indicator.properties.signatures (Total Keys: 2)
- schemas.MemoryHashSignature (Total Keys: 5)
- schemas.Process.properties.name.type (Total Keys: 1)
- schemas.ProcessSignature (Total Keys: 4)
- schemas.YaraRuleSignature (Total Keys: 3)
yoshi-automation committed Jun 21, 2022
1 parent 57d7041 commit 07d2410
Showing 6 changed files with 505 additions and 3 deletions.
85 changes: 85 additions & 0 deletions docs/dyn/securitycenter_v1.folders.sources.findings.html
Expand Up @@ -279,6 +279,22 @@ <h3>Method Details</h3>
&quot;ipAddresses&quot;: [ # List of ip addresses associated to the Finding.
&quot;A String&quot;,
],
&quot;signatures&quot;: [ # The list of matched signatures indicating that the given process is present in the environment.
{ # Indicates what signature matched this process.
&quot;memoryHashSignature&quot;: { # A signature corresponding to memory page hashes. # Signature indicating that a binary family was matched.
&quot;binaryFamily&quot;: &quot;A String&quot;, # The binary family.
&quot;detections&quot;: [ # The list of memory hash detections contributing to the binary family match.
{ # Memory hash detection contributing to the binary family match.
&quot;binary&quot;: &quot;A String&quot;, # The name of the binary associated with the memory hash signature detection.
&quot;percentPagesMatched&quot;: 3.14, # The percentage of memory page hashes in the signature that were matched.
},
],
},
&quot;yaraRuleSignature&quot;: { # A signature corresponding to a YARA rule. # Signature indicating that a YARA rule was matched.
&quot;yaraRule&quot;: &quot;A String&quot;, # The name of the YARA rule.
},
},
],
},
&quot;mitreAttack&quot;: { # MITRE ATT&amp;CK tactics and techniques related to this finding. See: https://attack.mitre.org # MITRE ATT&amp;CK tactics and techniques related to this finding. See: https://attack.mitre.org
&quot;additionalTactics&quot;: [ # Additional MITRE ATT&amp;CK tactics related to this finding, if any.
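Review bot: `percentPagesMatched` is described as "the percentage of memory page hashes in the signature that were matched" without stating the scale, and the 3.14 placeholder does not settle whether a full match is 100 or 1.0. Please state the range in the field description so that consumers who threshold on this value during triage do not compare against the wrong scale.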
Expand Down Expand Up @@ -330,6 +346,7 @@ <h3>Method Details</h3>
&quot;size&quot;: &quot;A String&quot;, # Size of the file in bytes.
},
],
&quot;name&quot;: &quot;A String&quot;, # The process name visible in utilities like top and ps; it can be accessed via /proc/[pid]/comm and changed with prctl(PR_SET_NAME).
&quot;parentPid&quot;: &quot;A String&quot;, # The parent process id.
&quot;pid&quot;: &quot;A String&quot;, # The process id.
&quot;script&quot;: { # File information about the related binary/library used by an executable, or the script used by a script interpreter # When the process represents the invocation of a script, `binary` provides information about the interpreter while `script` provides information about the script file provided to the interpreter.
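Review bot: the new `name` description says the value can be changed with prctl(PR_SET_NAME), which means it is set by the process itself, but it stops short of telling readers what follows from that. Suggest adding a sentence that the field is informational only and that attribution or allow-listing should rest on the `binary` file information rather than on `name`.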
Expand Down Expand Up @@ -514,6 +531,22 @@ <h3>Method Details</h3>
&quot;ipAddresses&quot;: [ # List of ip addresses associated to the Finding.
&quot;A String&quot;,
],
&quot;signatures&quot;: [ # The list of matched signatures indicating that the given process is present in the environment.
{ # Indicates what signature matched this process.
&quot;memoryHashSignature&quot;: { # A signature corresponding to memory page hashes. # Signature indicating that a binary family was matched.
&quot;binaryFamily&quot;: &quot;A String&quot;, # The binary family.
&quot;detections&quot;: [ # The list of memory hash detections contributing to the binary family match.
{ # Memory hash detection contributing to the binary family match.
&quot;binary&quot;: &quot;A String&quot;, # The name of the binary associated with the memory hash signature detection.
&quot;percentPagesMatched&quot;: 3.14, # The percentage of memory page hashes in the signature that were matched.
},
],
},
&quot;yaraRuleSignature&quot;: { # A signature corresponding to a YARA rule. # Signature indicating that a YARA rule was matched.
&quot;yaraRule&quot;: &quot;A String&quot;, # The name of the YARA rule.
},
},
],
},
&quot;mitreAttack&quot;: { # MITRE ATT&amp;CK tactics and techniques related to this finding. See: https://attack.mitre.org # MITRE ATT&amp;CK tactics and techniques related to this finding. See: https://attack.mitre.org
&quot;additionalTactics&quot;: [ # Additional MITRE ATT&amp;CK tactics related to this finding, if any.
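Review bot: the `signatures` description refers to "the given process", yet the field is added next to `ipAddresses` and each entry carries only `memoryHashSignature` and `yaraRuleSignature`, with no pid or other reference to a process. Please reword the description, or document how a consumer maps a matched signature to the process entry that has a `pid`.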
Expand Down Expand Up @@ -565,6 +598,7 @@ <h3>Method Details</h3>
&quot;size&quot;: &quot;A String&quot;, # Size of the file in bytes.
},
],
&quot;name&quot;: &quot;A String&quot;, # The process name visible in utilities like top and ps; it can be accessed via /proc/[pid]/comm and changed with prctl(PR_SET_NAME).
&quot;parentPid&quot;: &quot;A String&quot;, # The parent process id.
&quot;pid&quot;: &quot;A String&quot;, # The process id.
&quot;script&quot;: { # File information about the related binary/library used by an executable, or the script used by a script interpreter # When the process represents the invocation of a script, `binary` provides information about the interpreter while `script` provides information about the script file provided to the interpreter.
Expand Down Expand Up @@ -712,6 +746,22 @@ <h3>Method Details</h3>
&quot;ipAddresses&quot;: [ # List of ip addresses associated to the Finding.
&quot;A String&quot;,
],
&quot;signatures&quot;: [ # The list of matched signatures indicating that the given process is present in the environment.
{ # Indicates what signature matched this process.
&quot;memoryHashSignature&quot;: { # A signature corresponding to memory page hashes. # Signature indicating that a binary family was matched.
&quot;binaryFamily&quot;: &quot;A String&quot;, # The binary family.
&quot;detections&quot;: [ # The list of memory hash detections contributing to the binary family match.
{ # Memory hash detection contributing to the binary family match.
&quot;binary&quot;: &quot;A String&quot;, # The name of the binary associated with the memory hash signature detection.
&quot;percentPagesMatched&quot;: 3.14, # The percentage of memory page hashes in the signature that were matched.
},
],
},
&quot;yaraRuleSignature&quot;: { # A signature corresponding to a YARA rule. # Signature indicating that a YARA rule was matched.
&quot;yaraRule&quot;: &quot;A String&quot;, # The name of the YARA rule.
},
},
],
},
&quot;mitreAttack&quot;: { # MITRE ATT&amp;CK tactics and techniques related to this finding. See: https://attack.mitre.org # MITRE ATT&amp;CK tactics and techniques related to this finding. See: https://attack.mitre.org
&quot;additionalTactics&quot;: [ # Additional MITRE ATT&amp;CK tactics related to this finding, if any.
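Review bot: the sample `signatures` entry shows both `memoryHashSignature` and `yaraRuleSignature` populated, and "Indicates what signature matched this process" does not say whether exactly one of the two is set per entry. If they are mutually exclusive, say so in the entry description; if both can appear together, say that instead, so parsers handle the case deliberately.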
Expand Down Expand Up @@ -763,6 +813,7 @@ <h3>Method Details</h3>
&quot;size&quot;: &quot;A String&quot;, # Size of the file in bytes.
},
],
&quot;name&quot;: &quot;A String&quot;, # The process name visible in utilities like top and ps; it can be accessed via /proc/[pid]/comm and changed with prctl(PR_SET_NAME).
&quot;parentPid&quot;: &quot;A String&quot;, # The parent process id.
&quot;pid&quot;: &quot;A String&quot;, # The process id.
&quot;script&quot;: { # File information about the related binary/library used by an executable, or the script used by a script interpreter # When the process represents the invocation of a script, `binary` provides information about the interpreter while `script` provides information about the script file provided to the interpreter.
Expand Down Expand Up @@ -923,6 +974,22 @@ <h3>Method Details</h3>
&quot;ipAddresses&quot;: [ # List of ip addresses associated to the Finding.
&quot;A String&quot;,
],
&quot;signatures&quot;: [ # The list of matched signatures indicating that the given process is present in the environment.
{ # Indicates what signature matched this process.
&quot;memoryHashSignature&quot;: { # A signature corresponding to memory page hashes. # Signature indicating that a binary family was matched.
&quot;binaryFamily&quot;: &quot;A String&quot;, # The binary family.
&quot;detections&quot;: [ # The list of memory hash detections contributing to the binary family match.
{ # Memory hash detection contributing to the binary family match.
&quot;binary&quot;: &quot;A String&quot;, # The name of the binary associated with the memory hash signature detection.
&quot;percentPagesMatched&quot;: 3.14, # The percentage of memory page hashes in the signature that were matched.
},
],
},
&quot;yaraRuleSignature&quot;: { # A signature corresponding to a YARA rule. # Signature indicating that a YARA rule was matched.
&quot;yaraRule&quot;: &quot;A String&quot;, # The name of the YARA rule.
},
},
],
},
&quot;mitreAttack&quot;: { # MITRE ATT&amp;CK tactics and techniques related to this finding. See: https://attack.mitre.org # MITRE ATT&amp;CK tactics and techniques related to this finding. See: https://attack.mitre.org
&quot;additionalTactics&quot;: [ # Additional MITRE ATT&amp;CK tactics related to this finding, if any.
Expand Down Expand Up @@ -974,6 +1041,7 @@ <h3>Method Details</h3>
&quot;size&quot;: &quot;A String&quot;, # Size of the file in bytes.
},
],
&quot;name&quot;: &quot;A String&quot;, # The process name visible in utilities like top and ps; it can be accessed via /proc/[pid]/comm and changed with prctl(PR_SET_NAME).
&quot;parentPid&quot;: &quot;A String&quot;, # The parent process id.
&quot;pid&quot;: &quot;A String&quot;, # The process id.
&quot;script&quot;: { # File information about the related binary/library used by an executable, or the script used by a script interpreter # When the process represents the invocation of a script, `binary` provides information about the interpreter while `script` provides information about the script file provided to the interpreter.
Expand Down Expand Up @@ -1135,6 +1203,22 @@ <h3>Method Details</h3>
&quot;ipAddresses&quot;: [ # List of ip addresses associated to the Finding.
&quot;A String&quot;,
],
&quot;signatures&quot;: [ # The list of matched signatures indicating that the given process is present in the environment.
{ # Indicates what signature matched this process.
&quot;memoryHashSignature&quot;: { # A signature corresponding to memory page hashes. # Signature indicating that a binary family was matched.
&quot;binaryFamily&quot;: &quot;A String&quot;, # The binary family.
&quot;detections&quot;: [ # The list of memory hash detections contributing to the binary family match.
{ # Memory hash detection contributing to the binary family match.
&quot;binary&quot;: &quot;A String&quot;, # The name of the binary associated with the memory hash signature detection.
&quot;percentPagesMatched&quot;: 3.14, # The percentage of memory page hashes in the signature that were matched.
},
],
},
&quot;yaraRuleSignature&quot;: { # A signature corresponding to a YARA rule. # Signature indicating that a YARA rule was matched.
&quot;yaraRule&quot;: &quot;A String&quot;, # The name of the YARA rule.
},
},
],
},
&quot;mitreAttack&quot;: { # MITRE ATT&amp;CK tactics and techniques related to this finding. See: https://attack.mitre.org # MITRE ATT&amp;CK tactics and techniques related to this finding. See: https://attack.mitre.org
&quot;additionalTactics&quot;: [ # Additional MITRE ATT&amp;CK tactics related to this finding, if any.
Expand Down Expand Up @@ -1186,6 +1270,7 @@ <h3>Method Details</h3>
&quot;size&quot;: &quot;A String&quot;, # Size of the file in bytes.
},
],
&quot;name&quot;: &quot;A String&quot;, # The process name visible in utilities like top and ps; it can be accessed via /proc/[pid]/comm and changed with prctl(PR_SET_NAME).
&quot;parentPid&quot;: &quot;A String&quot;, # The parent process id.
&quot;pid&quot;: &quot;A String&quot;, # The process id.
&quot;script&quot;: { # File information about the related binary/library used by an executable, or the script used by a script interpreter # When the process represents the invocation of a script, `binary` provides information about the interpreter while `script` provides information about the script file provided to the interpreter.