Skip to main content

vast limits GmbH and uberAgent are now part of Citrix, a business unit of Cloud Software Group. Learn more at Citrix.com.

Documentation

Version

  1. uberAgent
  2. 7.1.2
  3. ESA Features & Configuration
  4. Threat Detection Engine
  5. Event Properties
  6. Remote Thread Event Properties
Previous document Next document

Remote Thread Event Properties

The following event properties can be used with create remote thread events in uAQL queries (event type Process.CreateRemoteThread). In addition to the properties listed here, the common properties are applicable, too.

Property name uAQL Data Type Description Platform
Thread.Id Integer The thread identifier of the newly created thread. Win
Thread.Timestamp Integer Event Timestamp Win
Thread.Process.Id Integer The process identifier of the process that runs the newly created thread. Win
Thread.Parent.Id Integer The process identifier of the process that has initiated the remote thread. Win
Thread.StartAddress Integer The absolute address in virtual memory where the function is located. Win
Thread.StartModule String The name of the library where the function that was started is located in. Win
Thread.StartFunctionName String The name of the function that was started as entry point for the new thread. Win

Comments

Your email address will not be published. Required fields are marked *