github/santa
1
1
Fork 0
mirror of https://github.com/google/santa.git synced 2026-04-24 03:00:12 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
2a8bdfd7141d41bc67a244ced8a5e565cf9dc876
santa/Source/common/SNTStoredEvent.h
Russell Hancox 297fb4cb68 Add parent process name collection and upload
2015-04-30 18:21:13 -04:00

104 lines
2.4 KiB
Objective-C
Raw Blame History

/// Copyright 2015 Google Inc. All rights reserved.
///
/// Licensed under the Apache License, Version 2.0 (the "License");
/// you may not use this file except in compliance with the License.
/// You may obtain a copy of the License at
///
/// http://www.apache.org/licenses/LICENSE-2.0
///
/// Unless required by applicable law or agreed to in writing, software
/// distributed under the License is distributed on an "AS IS" BASIS,
/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
/// See the License for the specific language governing permissions and
/// limitations under the License.
#include "SNTCommonEnums.h"
///
/// Represents an event stored in the database.
///
@interface SNTStoredEvent : NSObject<NSSecureCoding>
///
/// An index for this event, empty unless the event came from the database.
///
@property NSNumber *idx;
///
/// The SHA-256 of the executed file.
///
@property NSString *fileSHA256;
///
/// The full path of the executed file.
///
@property NSString *filePath;
///
/// If the executed file was part of the bundle, this is the CFBundleName.
///
@property NSString *fileBundleName;
///
/// If the executed file was part of the bundle, this is the CFBundleID.
///
@property NSString *fileBundleID;
///
/// If the executed file was part of the bundle, this is the CFBundleVersion.
///
@property NSString *fileBundleVersion;
///
/// If the executed file was part of the bundle, this is the CFBundleShortVersionString.
///
@property NSString *fileBundleVersionString;
///
/// If the executed file was signed, this is an NSArray of SNTCertificate's
/// representing the signing chain.
///
@property NSArray *signingChain;
///
/// The user who executed the binary.
///
@property NSString *executingUser;
///
/// The date and time the execution request was received by santad.
///
@property NSDate *occurrenceDate;
///
/// The decision santad returned.
///
@property santa_eventstate_t decision;
///
/// NSArray of logged in users when the decision was made.
///
@property NSArray *loggedInUsers;
///
/// NSArray of sessions when the decision was made (e.g. nobody@console, nobody@ttys000).
///
@property NSArray *currentSessions;
///
/// The process ID of the binary being executed.
///
@property NSNumber *pid;
///
/// The parent process ID of the binary being executed.
///
@property NSNumber *ppid;
///
/// The name of the parent process.
///
@property NSString *parentName;
@end
Reference in New Issue View Git Blame Copy Permalink