Skip to content

global artifacts manifest_type #632

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Jun 4, 2025
Merged

global artifacts manifest_type #632

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
b4f0fe0
add Endpoint.policy.applied.artifacts.global.manifest_type
intxgo Jun 4, 2025
e3905a6
upgate custom documentation
intxgo Jun 4, 2025
2f9a75f
rebuild custom documentation md files: make clean & make
intxgo Jun 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions custom_documentation/doc/endpoint/alerts/linux/linux_malware_alert.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ This alert is generated when a Malware alert occurs.
| Endpoint.policy.applied.artifacts.global.channel |
| Endpoint.policy.applied.artifacts.global.identifiers.name |
| Endpoint.policy.applied.artifacts.global.identifiers.sha256 |
| Endpoint.policy.applied.artifacts.global.manifest_type |
| Endpoint.policy.applied.artifacts.global.snapshot |
| Endpoint.policy.applied.artifacts.global.update_age |
| Endpoint.policy.applied.artifacts.global.version |
Expand Down
1 change: 1 addition & 0 deletions custom_documentation/doc/endpoint/alerts/macos/macos_malware_alert.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ This alert is generated when a macOS Malware alert occurs.
| Endpoint.policy.applied.artifacts.global.channel |
| Endpoint.policy.applied.artifacts.global.identifiers.name |
| Endpoint.policy.applied.artifacts.global.identifiers.sha256 |
| Endpoint.policy.applied.artifacts.global.manifest_type |
| Endpoint.policy.applied.artifacts.global.snapshot |
| Endpoint.policy.applied.artifacts.global.update_age |
| Endpoint.policy.applied.artifacts.global.version |
Expand Down
1 change: 1 addition & 0 deletions custom_documentation/doc/endpoint/alerts/windows/windows_malware_alert.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ This alert is generated when a Malware alert occurs.
| Endpoint.policy.applied.artifacts.global.channel |
| Endpoint.policy.applied.artifacts.global.identifiers.name |
| Endpoint.policy.applied.artifacts.global.identifiers.sha256 |
| Endpoint.policy.applied.artifacts.global.manifest_type |
| Endpoint.policy.applied.artifacts.global.snapshot |
| Endpoint.policy.applied.artifacts.global.update_age |
| Endpoint.policy.applied.artifacts.global.version |
Expand Down
1 change: 1 addition & 0 deletions custom_documentation/doc/endpoint/alerts/windows/windows_shellcode_thread.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ This alert is generated when a Shellcode Threat alert occurs.
| Endpoint.policy.applied.artifacts.global.channel |
| Endpoint.policy.applied.artifacts.global.identifiers.name |
| Endpoint.policy.applied.artifacts.global.identifiers.sha256 |
| Endpoint.policy.applied.artifacts.global.manifest_type |
| Endpoint.policy.applied.artifacts.global.snapshot |
| Endpoint.policy.applied.artifacts.global.update_age |
| Endpoint.policy.applied.artifacts.global.version |
Expand Down
2 changes: 1 addition & 1 deletion custom_documentation/doc/endpoint/metrics/metrics.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,8 +96,8 @@ This is an internal state management document that includes metrics on Endpoint'
| Endpoint.metrics.memory.endpoint.private.latest |
| Endpoint.metrics.memory.endpoint.private.mean |
| Endpoint.metrics.queue_metrics.kernel.send_to_user_queue.drops |
| Endpoint.metrics.queue_metrics.kernel.send_to_user_queue.size |
| Endpoint.metrics.queue_metrics.kernel.send_to_user_queue.last_drop_time_utc |
| Endpoint.metrics.queue_metrics.kernel.send_to_user_queue.size |
| Endpoint.metrics.queue_metrics.user.async_kernel_event_queue.drops |
| Endpoint.metrics.queue_metrics.user.async_kernel_event_queue.size |
| Endpoint.metrics.system_impact.amsi_events.week_idle_ms |
Expand Down
1 change: 1 addition & 0 deletions custom_documentation/doc/endpoint/policy/policy_response.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ This is a state management document that is generated every time Endpoint refres
| Endpoint.policy.applied.artifacts.global.channel |
| Endpoint.policy.applied.artifacts.global.identifiers.name |
| Endpoint.policy.applied.artifacts.global.identifiers.sha256 |
| Endpoint.policy.applied.artifacts.global.manifest_type |
| Endpoint.policy.applied.artifacts.global.snapshot |
| Endpoint.policy.applied.artifacts.global.update_age |
| Endpoint.policy.applied.artifacts.global.version |
Expand Down
4 changes: 2 additions & 2 deletions custom_documentation/doc/endpoint/process/linux/linux_process_already_running.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,11 +65,11 @@ This event is generated for a process that was already running before Endpoint's
| orchestrator.resource.parent.type |
| orchestrator.resource.type |
| process.Ext.ancestry |
| process.Ext.command_line_truncated |
| process.Ext.trusted |
| process.args |
| process.args_count |
| process.command_line |
| process.Ext.command_line_truncated |
| process.entity_id |
| process.entry_leader.args |
| process.entry_leader.args_count |
Expand Down Expand Up @@ -128,10 +128,10 @@ This event is generated for a process that was already running before Endpoint's
| process.hash.sha256 |
| process.interactive |
| process.name |
| process.parent.Ext.command_line_truncated |
| process.parent.args |
| process.parent.args_count |
| process.parent.command_line |
| process.parent.Ext.command_line_truncated |
| process.parent.entity_id |
| process.parent.executable |
| process.parent.group.id |
Expand Down
4 changes: 2 additions & 2 deletions custom_documentation/doc/endpoint/process/linux/linux_process_fork_exec_exit.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,12 +65,12 @@ This event is generated when a process calls `fork()`, `exec()`, exits, or an ag
| orchestrator.resource.parent.type |
| orchestrator.resource.type |
| process.Ext.ancestry |
| process.Ext.command_line_truncated |
| process.Ext.trusted |
| process.Ext.trusted_descendant |
| process.args |
| process.args_count |
| process.command_line |
| process.Ext.command_line_truncated |
| process.end |
| process.entity_id |
| process.entry_leader.args |
Expand Down Expand Up @@ -132,10 +132,10 @@ This event is generated when a process calls `fork()`, `exec()`, exits, or an ag
| process.hash.sha256 |
| process.interactive |
| process.name |
| process.parent.Ext.command_line_truncated |
| process.parent.args |
| process.parent.args_count |
| process.parent.command_line |
| process.parent.Ext.command_line_truncated |
| process.parent.entity_id |
| process.parent.executable |
| process.parent.group.id |
Expand Down
4 changes: 2 additions & 2 deletions custom_documentation/doc/endpoint/process/linux/linux_process_gid_change.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,11 +65,11 @@ This event is generated when the group id changes for a process.
| orchestrator.resource.parent.type |
| orchestrator.resource.type |
| process.Ext.ancestry |
| process.Ext.command_line_truncated |
| process.Ext.trusted_descendant |
| process.args |
| process.args_count |
| process.command_line |
| process.Ext.command_line_truncated |
| process.end |
| process.entity_id |
| process.entry_leader.args |
Expand Down Expand Up @@ -130,10 +130,10 @@ This event is generated when the group id changes for a process.
| process.hash.sha256 |
| process.interactive |
| process.name |
| process.parent.Ext.command_line_truncated |
| process.parent.args |
| process.parent.args_count |
| process.parent.command_line |
| process.parent.Ext.command_line_truncated |
| process.parent.entity_id |
| process.parent.executable |
| process.parent.group.id |
Expand Down
16 changes: 8 additions & 8 deletions custom_documentation/doc/endpoint/process/linux/linux_process_memfd_create.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,19 +64,19 @@ This event is generated when when a memfd anonymous file is created.
| orchestrator.resource.parent.type |
| orchestrator.resource.type |
| process.Ext.ancestry |
| process.Ext.trusted |
| process.Ext.trusted_descendant |
| process.Ext.memfd.flag_hugetlb |
| process.Ext.command_line_truncated |
| process.Ext.memfd.flag_allow_seal |
| process.Ext.memfd.flags |
| process.Ext.memfd.name |
| process.Ext.memfd.flag_exec |
| process.Ext.memfd.flag_cloexec |
| process.Ext.memfd.flag_exec |
| process.Ext.memfd.flag_hugetlb |
| process.Ext.memfd.flag_noexec_seal |
| process.Ext.memfd.flags |
| process.Ext.memfd.name |
| process.Ext.trusted |
| process.Ext.trusted_descendant |
| process.args |
| process.args_count |
| process.command_line |
| process.Ext.command_line_truncated |
| process.end |
| process.entity_id |
| process.entry_leader.args |
Expand Down Expand Up @@ -137,10 +137,10 @@ This event is generated when when a memfd anonymous file is created.
| process.hash.sha256 |
| process.interactive |
| process.name |
| process.parent.Ext.command_line_truncated |
| process.parent.args |
| process.parent.args_count |
| process.parent.command_line |
| process.parent.Ext.command_line_truncated |
| process.parent.entity_id |
| process.parent.executable |
| process.parent.group.id |
Expand Down
8 changes: 4 additions & 4 deletions custom_documentation/doc/endpoint/process/linux/linux_process_ptrace.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,14 +64,14 @@ This event is generated when when a process calls ptrace_attach on another proce
| orchestrator.resource.parent.type |
| orchestrator.resource.type |
| process.Ext.ancestry |
| process.Ext.trusted |
| process.Ext.trusted_descendant |
| process.Ext.command_line_truncated |
| process.Ext.ptrace.child_pid |
| process.Ext.ptrace.request |
| process.Ext.trusted |
| process.Ext.trusted_descendant |
| process.args |
| process.args_count |
| process.command_line |
| process.Ext.command_line_truncated |
| process.end |
| process.entity_id |
| process.entry_leader.args |
Expand Down Expand Up @@ -133,10 +133,10 @@ This event is generated when when a process calls ptrace_attach on another proce
| process.hash.sha256 |
| process.interactive |
| process.name |
| process.parent.Ext.command_line_truncated |
| process.parent.args |
| process.parent.args_count |
| process.parent.command_line |
| process.parent.Ext.command_line_truncated |
| process.parent.entity_id |
| process.parent.executable |
| process.parent.group.id |
Expand Down
2 changes: 1 addition & 1 deletion custom_documentation/doc/endpoint/process/linux/linux_process_session_id_change.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,10 +65,10 @@ This event is generated when a process's session id changes.
| orchestrator.resource.parent.type |
| orchestrator.resource.type |
| process.Ext.ancestry |
| process.Ext.command_line_truncated |
| process.args |
| process.args_count |
| process.command_line |
| process.Ext.command_line_truncated |
| process.entity_id |
| process.entry_leader.args |
| process.entry_leader.args_count |
Expand Down
8 changes: 4 additions & 4 deletions custom_documentation/doc/endpoint/process/linux/linux_process_shmget.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,11 +64,11 @@ This event is generated when when a process calls shmget().
| orchestrator.resource.parent.type |
| orchestrator.resource.type |
| process.Ext.ancestry |
| process.Ext.trusted |
| process.Ext.trusted_descendant |
| process.Ext.shmget.size |
| process.Ext.shmget.flags |
| process.Ext.shmget.key |
| process.Ext.shmget.size |
| process.Ext.trusted |
| process.Ext.trusted_descendant |
| process.args |
| process.args_count |
| process.command_line |
Expand Down Expand Up @@ -133,10 +133,10 @@ This event is generated when when a process calls shmget().
| process.hash.sha256 |
| process.interactive |
| process.name |
| process.parent.Ext.command_line_truncated |
| process.parent.args |
| process.parent.args_count |
| process.parent.command_line |
| process.parent.Ext.command_line_truncated |
| process.parent.entity_id |
| process.parent.executable |
| process.parent.group.id |
Expand Down
4 changes: 2 additions & 2 deletions custom_documentation/doc/endpoint/process/linux/linux_process_text_output.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,10 +64,10 @@ This event is generated when a process generates text output.
| orchestrator.resource.parent.type |
| orchestrator.resource.type |
| process.Ext.ancestry |
| process.Ext.command_line_truncated |
| process.args |
| process.args_count |
| process.command_line |
| process.Ext.command_line_truncated |
| process.entity_id |
| process.entry_leader.args |
| process.entry_leader.args_count |
Expand Down Expand Up @@ -130,10 +130,10 @@ This event is generated when a process generates text output.
| process.io.total_bytes_skipped |
| process.io.type |
| process.name |
| process.parent.Ext.command_line_truncated |
| process.parent.args |
| process.parent.args_count |
| process.parent.command_line |
| process.parent.Ext.command_line_truncated |
| process.parent.entity_id |
| process.parent.executable |
| process.parent.group.id |
Expand Down
4 changes: 2 additions & 2 deletions custom_documentation/doc/endpoint/process/linux/linux_process_uid_change.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,12 +64,12 @@ This event is generated when the user id changes for a process.
| orchestrator.resource.parent.type |
| orchestrator.resource.type |
| process.Ext.ancestry |
| process.Ext.command_line_truncated |
| process.Ext.trusted |
| process.Ext.trusted_descendant |
| process.args |
| process.args_count |
| process.command_line |
| process.Ext.command_line_truncated |
| process.end |
| process.entity_id |
| process.entry_leader.args |
Expand Down Expand Up @@ -130,10 +130,10 @@ This event is generated when the user id changes for a process.
| process.hash.sha256 |
| process.interactive |
| process.name |
| process.parent.Ext.command_line_truncated |
| process.parent.args |
| process.parent.args_count |
| process.parent.command_line |
| process.parent.Ext.command_line_truncated |
| process.parent.entity_id |
| process.parent.executable |
| process.parent.group.id |
Expand Down
4 changes: 2 additions & 2 deletions custom_documentation/doc/endpoint/process/macos/macos_process_already_running.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@ This event is generated for a process that was already running before Endpoint's
| host.os.version |
| message |
| process.Ext.ancestry |
| process.Ext.command_line_truncated |
| process.Ext.effective_parent.pid |
| process.args |
| process.args_count |
Expand All @@ -58,7 +59,6 @@ This event is generated for a process that was already running before Endpoint's
| process.code_signature.team_id |
| process.code_signature.trusted |
| process.command_line |
| process.Ext.command_line_truncated |
| process.entity_id |
| process.env_vars |
| process.executable |
Expand All @@ -67,9 +67,9 @@ This event is generated for a process that was already running before Endpoint's
| process.hash.sha256 |
| process.name |
| process.parent.args_count |
| process.parent.command_line |
| process.parent.entity_id |
| process.parent.pid |
| process.parent.command_line |
| process.pid |
| user.Ext.real.id |
| user.Ext.real.name |
Expand Down
4 changes: 2 additions & 2 deletions custom_documentation/doc/endpoint/process/macos/macos_process_fork_exec_exit.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,7 @@ This event is generated when a process calls `fork()`, `exec()`, or exits.
| host.os.version |
| message |
| process.Ext.ancestry |
| process.Ext.command_line_truncated |
| process.Ext.effective_parent.entity_id |
| process.Ext.effective_parent.executable |
| process.Ext.effective_parent.name |
Expand All @@ -67,7 +68,6 @@ This event is generated when a process calls `fork()`, `exec()`, or exits.
| process.code_signature.team_id |
| process.code_signature.trusted |
| process.command_line |
| process.Ext.command_line_truncated |
| process.entity_id |
| process.env_vars |
| process.executable |
Expand All @@ -83,11 +83,11 @@ This event is generated when a process calls `fork()`, `exec()`, or exits.
| process.parent.code_signature.subject_name |
| process.parent.code_signature.team_id |
| process.parent.code_signature.trusted |
| process.parent.command_line |
| process.parent.entity_id |
| process.parent.executable |
| process.parent.name |
| process.parent.pid |
| process.parent.command_line |
| process.pid |
| user.Ext.real.id |
| user.Ext.real.name |
Expand Down
4 changes: 2 additions & 2 deletions custom_documentation/doc/endpoint/process/macos/macos_process_remote_thread.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,7 @@ This event is generated when a remote thread is created.
| host.os.version |
| message |
| process.Ext.ancestry |
| process.Ext.command_line_truncated |
| process.Ext.effective_parent.pid |
| process.Ext.trusted |
| process.args |
Expand All @@ -63,7 +64,6 @@ This event is generated when a remote thread is created.
| process.code_signature.team_id |
| process.code_signature.trusted |
| process.command_line |
| process.Ext.command_line_truncated |
| process.entity_id |
| process.env_vars |
| process.executable |
Expand All @@ -78,11 +78,11 @@ This event is generated when a remote thread is created.
| process.parent.code_signature.subject_name |
| process.parent.code_signature.team_id |
| process.parent.code_signature.trusted |
| process.parent.command_line |
| process.parent.entity_id |
| process.parent.executable |
| process.parent.name |
| process.parent.pid |
| process.parent.command_line |
| process.pid |
| user.Ext.real.id |
| user.Ext.real.name |
Expand Down
Loading