Class: Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature

Inherits:
Object
  • Object
Extended by:
Protobuf::MessageExts::ClassMethods
Includes:
Protobuf::MessageExts
Defined in:
proto_docs/google/cloud/securitycenter/v1/indicator.rb

Overview

Indicates what signature matched this process.

Defined Under Namespace

Modules: SignatureType Classes: MemoryHashSignature, YaraRuleSignature

Instance Attribute Summary

Instance Attribute Details

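#memory_hash_signature ⇒ ::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::MemoryHashSignature

Returns the signature indicating that a binary family was matched.

Returns:

  • (::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::MemoryHashSignature) — Signature indicating that a binary family was matched.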



# File 'proto_docs/google/cloud/securitycenter/v1/indicator.rb', line 56

# Indicates what signature matched this process.
#
# Documentation stub for a protobuf message: no accessors are defined in this
# listing; the attributes are described through YARD directives only.
# NOTE(review): the two signature attributes look like alternatives
# (presumably a protobuf oneof) — confirm against the .proto, and have
# consumers check which one is populated instead of reading both.
# @!attribute [rw] memory_hash_signature
#   @return [::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::MemoryHashSignature]
#     Signature indicating that a binary family was matched.
# @!attribute [rw] yara_rule_signature
#   @return [::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::YaraRuleSignature]
#     Signature indicating that a YARA rule was matched.
# @!attribute [rw] signature_type
#   @return [::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::SignatureType]
#     Describes the type of resource associated with the signature.
class ProcessSignature
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A signature corresponding to memory page hashes.
  #
  # The match is reported at the level of a binary family; the individual
  # per-binary results that led to it are listed in `detections`.
  # @!attribute [rw] binary_family
  #   @return [::String]
  #     The binary family.
  # @!attribute [rw] detections
  #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::MemoryHashSignature::Detection>]
  #     The list of memory hash detections contributing to the binary family
  #     match.
  class MemoryHashSignature
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Memory hash detection contributing to the binary family match.
    #
    # NOTE(review): `binary` is documented only as a name string; treat it as
    # a label for triage, not as a verified path or file hash — confirm.
    # NOTE(review): the scale of `percent_pages_matched` (0-1 vs 0-100) is not
    # stated here — confirm before using it as a threshold in detection rules.
    # @!attribute [rw] binary
    #   @return [::String]
    #     The name of the binary associated with the memory hash
    #     signature detection.
    # @!attribute [rw] percent_pages_matched
    #   @return [::Float]
    #     The percentage of memory page hashes in the signature
    #     that were matched.
    class Detection
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # A signature corresponding to a YARA rule.
  #
  # Only the rule's name is carried by this message; the rule body and the
  # matched content are not among its documented attributes.
  # @!attribute [rw] yara_rule
  #   @return [::String]
  #     The name of the YARA rule.
  class YaraRuleSignature
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Possible resource types to be associated with a signature.
  module SignatureType
    # The default signature type.
    # NOTE(review): value 0 is presumably what an unset field reads as;
    # handle it explicitly rather than treating it as a process signature.
    SIGNATURE_TYPE_UNSPECIFIED = 0

    # Used for signatures concerning processes.
    SIGNATURE_TYPE_PROCESS = 1

    # Used for signatures concerning disks.
    # NOTE(review): the constant is named FILE while the description says
    # "disks" — confirm the intended scope upstream.
    SIGNATURE_TYPE_FILE = 2
  end
end

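#signature_type ⇒ ::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::SignatureType

Describes the type of resource associated with the signature.

Returns:

  • (::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::SignatureType) — Describes the type of resource associated with the signature.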



# File 'proto_docs/google/cloud/securitycenter/v1/indicator.rb', line 56

# Indicates what signature matched this process.
#
# Documentation stub for a protobuf message: no accessors are defined in this
# listing; the attributes are described through YARD directives only.
# NOTE(review): the two signature attributes look like alternatives
# (presumably a protobuf oneof) — confirm against the .proto, and have
# consumers check which one is populated instead of reading both.
# @!attribute [rw] memory_hash_signature
#   @return [::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::MemoryHashSignature]
#     Signature indicating that a binary family was matched.
# @!attribute [rw] yara_rule_signature
#   @return [::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::YaraRuleSignature]
#     Signature indicating that a YARA rule was matched.
# @!attribute [rw] signature_type
#   @return [::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::SignatureType]
#     Describes the type of resource associated with the signature.
class ProcessSignature
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A signature corresponding to memory page hashes.
  #
  # The match is reported at the level of a binary family; the individual
  # per-binary results that led to it are listed in `detections`.
  # @!attribute [rw] binary_family
  #   @return [::String]
  #     The binary family.
  # @!attribute [rw] detections
  #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::MemoryHashSignature::Detection>]
  #     The list of memory hash detections contributing to the binary family
  #     match.
  class MemoryHashSignature
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Memory hash detection contributing to the binary family match.
    #
    # NOTE(review): `binary` is documented only as a name string; treat it as
    # a label for triage, not as a verified path or file hash — confirm.
    # NOTE(review): the scale of `percent_pages_matched` (0-1 vs 0-100) is not
    # stated here — confirm before using it as a threshold in detection rules.
    # @!attribute [rw] binary
    #   @return [::String]
    #     The name of the binary associated with the memory hash
    #     signature detection.
    # @!attribute [rw] percent_pages_matched
    #   @return [::Float]
    #     The percentage of memory page hashes in the signature
    #     that were matched.
    class Detection
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # A signature corresponding to a YARA rule.
  #
  # Only the rule's name is carried by this message; the rule body and the
  # matched content are not among its documented attributes.
  # @!attribute [rw] yara_rule
  #   @return [::String]
  #     The name of the YARA rule.
  class YaraRuleSignature
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Possible resource types to be associated with a signature.
  module SignatureType
    # The default signature type.
    # NOTE(review): value 0 is presumably what an unset field reads as;
    # handle it explicitly rather than treating it as a process signature.
    SIGNATURE_TYPE_UNSPECIFIED = 0

    # Used for signatures concerning processes.
    SIGNATURE_TYPE_PROCESS = 1

    # Used for signatures concerning disks.
    # NOTE(review): the constant is named FILE while the description says
    # "disks" — confirm the intended scope upstream.
    SIGNATURE_TYPE_FILE = 2
  end
end

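#yara_rule_signature ⇒ ::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::YaraRuleSignature

Returns the signature indicating that a YARA rule was matched.

Returns:

  • (::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::YaraRuleSignature) — Signature indicating that a YARA rule was matched.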



# File 'proto_docs/google/cloud/securitycenter/v1/indicator.rb', line 56

# Indicates what signature matched this process.
#
# Documentation stub for a protobuf message: no accessors are defined in this
# listing; the attributes are described through YARD directives only.
# NOTE(review): the two signature attributes look like alternatives
# (presumably a protobuf oneof) — confirm against the .proto, and have
# consumers check which one is populated instead of reading both.
# @!attribute [rw] memory_hash_signature
#   @return [::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::MemoryHashSignature]
#     Signature indicating that a binary family was matched.
# @!attribute [rw] yara_rule_signature
#   @return [::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::YaraRuleSignature]
#     Signature indicating that a YARA rule was matched.
# @!attribute [rw] signature_type
#   @return [::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::SignatureType]
#     Describes the type of resource associated with the signature.
class ProcessSignature
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A signature corresponding to memory page hashes.
  #
  # The match is reported at the level of a binary family; the individual
  # per-binary results that led to it are listed in `detections`.
  # @!attribute [rw] binary_family
  #   @return [::String]
  #     The binary family.
  # @!attribute [rw] detections
  #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Indicator::ProcessSignature::MemoryHashSignature::Detection>]
  #     The list of memory hash detections contributing to the binary family
  #     match.
  class MemoryHashSignature
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Memory hash detection contributing to the binary family match.
    #
    # NOTE(review): `binary` is documented only as a name string; treat it as
    # a label for triage, not as a verified path or file hash — confirm.
    # NOTE(review): the scale of `percent_pages_matched` (0-1 vs 0-100) is not
    # stated here — confirm before using it as a threshold in detection rules.
    # @!attribute [rw] binary
    #   @return [::String]
    #     The name of the binary associated with the memory hash
    #     signature detection.
    # @!attribute [rw] percent_pages_matched
    #   @return [::Float]
    #     The percentage of memory page hashes in the signature
    #     that were matched.
    class Detection
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end

  # A signature corresponding to a YARA rule.
  #
  # Only the rule's name is carried by this message; the rule body and the
  # matched content are not among its documented attributes.
  # @!attribute [rw] yara_rule
  #   @return [::String]
  #     The name of the YARA rule.
  class YaraRuleSignature
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Possible resource types to be associated with a signature.
  module SignatureType
    # The default signature type.
    # NOTE(review): value 0 is presumably what an unset field reads as;
    # handle it explicitly rather than treating it as a process signature.
    SIGNATURE_TYPE_UNSPECIFIED = 0

    # Used for signatures concerning processes.
    SIGNATURE_TYPE_PROCESS = 1

    # Used for signatures concerning disks.
    # NOTE(review): the constant is named FILE while the description says
    # "disks" — confirm the intended scope upstream.
    SIGNATURE_TYPE_FILE = 2
  end
end