Process¶
ProcessView¶
-
class
grapl_analyzerlib.nodes.process_node.ProcessView(dgraph_client: pydgraph.client.DgraphClient, uid: str, node_key: str, node_type: Optional[str] = None, process_id: Optional[int] = None, created_timestamp: Optional[int] = None, terminate_time: Optional[int] = None, image_name: Optional[str] = None, process_name: Optional[str] = None, arguments: Optional[str] = None, children: Optional[List[NV]] = None, bin_file: Optional[FileView] = None, created_files: Optional[List[FileView]] = None, read_files: Optional[List[FileView]] = None, wrote_files: Optional[List[FileView]] = None, deleted_files: Optional[List[FileView]] = None, created_connections: Optional[List[ProcessOutboundConnectionQuery]] = None, inbound_connections: Optional[List[ProcessInboundConnectionQuery]] = None, parent: Optional[NV] = None, process_asset: Optional[AssetView] = None, risks: Optional[List[RiskView]] = None)¶ Predicate
Type
Description
node_key
string
A unique identifier for this node.
asset_id
string
A unique identifier for this asset.
image_name
string
The name of the binary that was loaded for this process.
process_name
string
The name of the process.
arguments
string
The arguments, as passed into the process.
process_id
int
The process id for this process.
created_timestamp
int
Time of the process creation (in millis-since-epoch).
terminate_time
int
Time of the process termination (in millis-since-epoch).
children
List[Process]
Child processes of this process.
bin_file
The file that was executed to create this process.
created_files
List[File]
Files created by this process.
deleted_files
List[File]
Files deleted by this process.
read_files
List[File]
Files read by this process.
wrote_files
List[File]
Files written by this process.
created_connections
List[ProcessInboundConnection]
Outbound connections created by this process.
inbound_connections
List[ProcessInboundConnection]
Inbound connections created by this process.
-
get_arguments() → Optional[str]¶
-
get_asset() → Optional[grapl_analyzerlib.nodes.asset_node.AssetView]¶
-
get_bin_file() → Optional[grapl_analyzerlib.nodes.file_node.FileView]¶
-
get_children(match_children: Optional[IProcessQuery] = None) → List[NV]¶
-
get_created_connections() → List[grapl_analyzerlib.nodes.process_outbound_network_connection.ProcessOutboundConnectionView]¶
-
get_created_files() → List[grapl_analyzerlib.nodes.file_node.FileView]¶
-
get_created_timestamp() → Optional[int]¶
-
get_deleted_files() → List[grapl_analyzerlib.nodes.file_node.FileView]¶
-
get_image_name() → Optional[str]¶
-
get_inbound_connections() → List[grapl_analyzerlib.nodes.process_inbound_network_connection.ProcessInboundConnectionView]¶
-
get_node_type() → str¶
-
get_parent() → Optional[NV]¶
-
get_process_id() → Optional[int]¶
-
get_process_name() → Optional[str]¶
-
get_read_files() → List[grapl_analyzerlib.nodes.file_node.FileView]¶
-
get_risks(match_risks: Optional[IRiskQuery] = None) → List[grapl_analyzerlib.nodes.risk_node.RiskView]¶
-
get_terminate_time() → Optional[int]¶
-
get_wrote_files() → List[grapl_analyzerlib.nodes.file_node.FileView]¶
-
ProcessQuery¶
-
class
grapl_analyzerlib.nodes.process_node.ProcessQuery(*args, **kwds)¶ -
with_arguments(eq: Optional[StrCmp] = None, contains: Optional[StrCmp] = None, ends_with: Optional[StrCmp] = None, starts_with: Optional[StrCmp] = None, regexp: Optional[StrCmp] = None, distance: Optional[Tuple[StrCmp, int]] = None) → NQ¶
-
with_asset(asset_query: Optional[IAssetQuery] = None) → NQ¶
-
with_bin_file(bin_file_query: Optional[IFileQuery] = None) → NQ¶
-
with_children(child_query: Optional[IProcessQuery] = None) → NQ¶
-
with_created_connections(created_connection_query: Optional[IProcessOutboundConnectionQuery] = None) → NQ¶
-
with_created_files(created_files_query: Optional[IFileQuery] = None) → NQ¶
-
with_created_timestamp(eq: Optional[IntCmp] = None, gt: Optional[IntCmp] = None, lt: Optional[IntCmp] = None) → NQ¶
-
with_deleted_files(deleted_files_query: Optional[IFileQuery] = None) → NQ¶
-
with_image_name(eq: Optional[StrCmp] = None, contains: Optional[StrCmp] = None, ends_with: Optional[StrCmp] = None, starts_with: Optional[StrCmp] = None, regexp: Optional[StrCmp] = None, distance: Optional[Tuple[StrCmp, int]] = None) → NQ¶
-
with_inbound_connections(inbound_connection_query: Optional[IProcessInboundConnectionQuery] = None) → NQ¶
-
with_parent(parent_query: Optional[IProcessQuery] = None) → NQ¶
-
with_process_id(eq: Optional[IntCmp] = None, gt: Optional[IntCmp] = None, lt: Optional[IntCmp] = None) → NQ¶
-
with_process_name(eq: Optional[StrCmp] = None, contains: Optional[StrCmp] = None, ends_with: Optional[StrCmp] = None, starts_with: Optional[StrCmp] = None, regexp: Optional[StrCmp] = None, distance: Optional[Tuple[StrCmp, int]] = None) → NQ¶
-
with_read_files(read_files_query: Optional[IFileQuery] = None) → NQ¶
-
with_risks(risks_query: Optional[RiskQuery] = None) → NQ¶
-
with_terminate_time(eq: Optional[IntCmp] = None, gt: Optional[IntCmp] = None, lt: Optional[IntCmp] = None) → NQ¶
-
with_wrote_files(wrote_files_query: Optional[IFileQuery] = None) → NQ¶
-