Struct Script 

#[non_exhaustive]
pub struct Script {
    pub file: Option<Box<File>>,
    pub hashes: Option<Vec<Fingerprint>>,
    pub name: Option<String>,
    pub parent_uid: Option<String>,
    pub script_content: Option<Box<LongString>>,
    pub type: Option<String>,
    pub type_id: Option<i64>,
    pub uid: Option<String>,
}

Script

The Script object describes a script or command that can be executed by a shell, script engine, or interpreter. Examples include Bash, JavsScript, PowerShell, Python, VBScript, etc. Note that the term script here denotes not only a script contained within a file but also a script or command typed interactively by a user, supplied on the command line, or provided by some other file-less mechanism.

[] Category: | Name: script

Fields (Non-exhaustive)

Non-exhaustive structs could have additional fields added in future. Therefore, non-exhaustive structs cannot be constructed in external crates using the traditional Struct { .. } syntax; cannot be matched against without a wildcard ..; and struct update syntax will not work.

file: Option<Box<File>>

File

Present if this script is associated with a file. Not present in the case of a file-less script.

optional

hashes: Option<Vec<Fingerprint>>

Hashes

An array of the script’s cryptographic hashes. Note that these hashes are calculated on the script in its original encoding, and not on the normalized UTF-8 encoding found in the script_content attribute.

recommended

name: Option<String>

Name

Unique identifier for the script or macro, independent of the containing file, used for tracking, auditing, and security analysis.

optional

parent_uid: Option<String>

Parent Unique ID

This attribute relates a sub-script to a parent script having the matching uid attribute. In the case of PowerShell, sub-script execution can be identified by matching the activity correlation ID of the raw ETW events provided by the OS.

optional

script_content: Option<Box<LongString>>

Script Content

The script content, normalized to UTF-8 encoding irrespective of its original encoding. When emitting this attribute, it may be appropriate to truncate large scripts. When consuming this attribute, large scripts should be anticipated.

required

type: Option<String>

Type

The script type, normalized to the caption of the type_id value. In the case of ‘Other’, it is defined by the event source.

optional

type_id: Option<i64>

Type ID

The normalized script type ID.

required

uid: Option<String>

Unique ID

Some script engines assign a unique ID to each individual execution of a given script. This attribute captures that unique ID. In the case of PowerShell, the unique ID corresponds to the ScriptBlockId in the raw ETW events provided by the OS.

optional

Trait Implementations

impl Clone for Script

fn clone(&self) -> Script

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Script

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for Script

fn default() -> Script

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for Script

where Script: Default,

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl PartialEq for Script

fn eq(&self, other: &Script) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for Script

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl StructuralPartialEq for Script