process-memory-protect
April 24, 2024 · View on GitHub
Description
Virtual memory was protected
Parameters
| Parameter | Value |
|---|---|
| Subject | process |
| Activity | memory-protect |
| Activity Type | process-memory-protect |
| Pretty Name | Process Memory Protect |
Fields
The possible fields for this activity type will vary depending on whether the activity was a success or a fail.
process-memory-protect:success
| Field | Core | Detection | Informational |
|---|---|---|---|
| memory_address | ✓ | ||
| memory_size | ✓ | ||
| memory_protection | ✓ |
process-memory-protect:fail
| Field | Core | Detection | Informational |
|---|---|---|---|
| failure_code | ✓ | ||
| memory_address | ✓ | ||
| failure_reason | ✓ | ||
| memory_size | ✓ | ||
| memory_protection | ✓ |