process-memory-read
March 22, 2023
Description
Virtual memory was read from a process
Parameters
| Parameter | Value |
|---|---|
| Subject | process |
| Activity | memory-read |
| Activity Type | process-memory-read |
| Pretty Name | Process Memory Read |
Fields
The fields available for this activity type depend on whether the activity succeeded or failed.
process-memory-read:success
| Field | Core | Detection | Informational |
|---|---|---|---|
| memory_address | ✓ | | |
| memory_size | ✓ | | |
| memory_protection | ✓ | | |
process-memory-read:fail
| Field | Core | Detection | Informational |
|---|---|---|---|
| failure_code | ✓ | | |
| memory_address | ✓ | | |
| failure_reason | ✓ | | |
| memory_size | ✓ | | |
| memory_protection | ✓ | | |