
1use serde::{Serialize, Deserialize};
2
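/// One event of the Splunk CIM `Endpoint.Processes` data model.
///
/// Field names follow the CIM field names verbatim so that serde's derived
/// `Serialize`/`Deserialize` map directly onto CIM-compliant events. Fields
/// typed `Option<_>` are optional in the model and deserialize as `None` when
/// absent. Only `action`, `dest` and `process_id` are required.
///
/// Many `dest_*`/`user_*` fields are filled in by the asset and identity
/// correlation features of applications such as Splunk Enterprise Security;
/// add-ons must not define extractions for them.
#[derive(Serialize, Deserialize, Clone, Debug, PartialEq, Eq)]
pub struct Processes {
    /// The action reported for the process event.
    /// NOTE(review): not documented in the original; presumably the CIM
    /// `action` field (e.g. allowed/blocked) — confirm against the CIM reference.
    action: String,
    /// CPU load of the process as a percentage, expected between 0 and 100.
    /// The `u8` type does not enforce the upper bound; validate at the producer
    /// if out-of-range values must be rejected.
    cpu_load_percent: Option<u8>,
    /// The endpoint for which the process was spawned.
    dest: String,
    /// This field is automatically provided by asset and identity correlation features of applications like Splunk Enterprise Security. Do not define extractions for this field when writing add-ons.
    dest_bunit: Option<String>,
    /// This field is automatically provided by asset and identity correlation features of applications like Splunk Enterprise Security. Do not define extractions for this field when writing add-ons.
    dest_category: Option<String>,
    /// This field is automatically provided by asset and identity correlation features of applications like Splunk Enterprise Security. Do not define extractions for this field when writing add-ons.
    dest_is_expected: Option<bool>,
    /// This field is automatically provided by asset and identity correlation features of applications like Splunk Enterprise Security. Do not define extractions for this field when writing add-ons.
    dest_priority: Option<String>,
    /// This field is automatically provided by asset and identity correlation features of applications like Splunk Enterprise Security. Do not define extractions for this field when writing add-ons.
    dest_requires_av: Option<bool>,
    /// This field is automatically provided by asset and identity correlation features of applications like Splunk Enterprise Security. Do not define extractions for this field when writing add-ons.
    dest_should_timesync: Option<bool>,
    /// This field is automatically provided by asset and identity correlation features of applications like Splunk Enterprise Security. Do not define extractions for this field when writing add-ons.
    dest_should_update: Option<bool>,
    /// Memory used by the process (in bytes).
    mem_used: Option<u64>,
    /// The operating system of the resource, such as `Microsoft Windows Server 2008r2`.
    os: Option<String>,
    /// The full command string of the parent process.
    parent_process: Option<String>,
    /// The executable name of the parent process.
    parent_process_exec: Option<String>,
    /// The numeric identifier of the parent process assigned by the operating system.
    parent_process_id: Option<u64>,
    /// The globally unique identifier of the parent process assigned by the `vendor_product`.
    parent_process_guid: Option<String>,
    /// The friendly name of the parent process, such as `notepad.exe`.
    parent_process_name: Option<String>,
    /// The file path of the parent process, such as `C:\Windows\System32\notepad.exe`.
    parent_process_path: Option<String>,
    /// The full command string of the spawned process, such as
    /// `C:\WINDOWS\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\powershell.cmd" --scheme"`.
    /// Command lines are attacker-controlled data; treat them as opaque text
    /// and never interpolate them into further shell commands or queries.
    process: Option<String>,
    /// The current working directory used to spawn the process.
    process_current_directory: Option<String>,
    /// The executable name of the process.
    process_exec: Option<String>,
    /// The digests of the process, such as `<md5>`, `<sha1>`, etc.
    /// NOTE(review): the upstream CIM text reads "parent process" here, which
    /// looks like a copy-paste slip; the spawned process is presumably meant —
    /// confirm against the CIM reference. The digest format is not specified by
    /// the type; consumers matching against hash lists should normalise case
    /// and algorithm first.
    process_hash: Option<String>,
    /// The globally unique identifier of the process assigned by the `vendor_product`.
    process_guid: Option<String>,
    /// The numeric identifier of the process assigned by the operating system.
    process_id: u64,
    /// The Windows integrity level of the process: `system`, `high`, `medium`,
    /// `low` or `untrusted`. Stored as free text, so the allowed values are not
    /// enforced by the type.
    process_integrity_level: Option<String>,
    /// The friendly name of the process, such as `notepad.exe`.
    process_name: Option<String>,
    /// The file path of the process, such as `C:\Windows\System32\notepad.exe`.
    process_path: Option<String>,
    /// This automatically generated field is used to access tags from within data models. Add-on builders do not need to populate it.
    tag: Option<String>,
    /// The user account that spawned the process.
    user: Option<String>,
    /// The unique identifier of the user account which spawned the process.
    user_id: Option<String>,
    /// This field is automatically provided by asset and identity correlation features of applications like Splunk Enterprise Security. Do not define extractions for this field when writing add-ons.
    user_bunit: Option<String>,
    /// This field is automatically provided by asset and identity correlation features of applications like Splunk Enterprise Security. Do not define extractions for this field when writing add-ons.
    user_category: Option<String>,
    /// This field is automatically provided by asset and identity correlation features of applications like Splunk Enterprise Security. Do not define extractions for this field when writing add-ons.
    user_priority: Option<String>,
    /// The vendor and product name of the Endpoint solution that reported the event, such as `Carbon Black Cb Response`. This field can be automatically populated by vendor and product fields in your data.
    vendor_product: Option<String>,
}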