Access official resources from Carbon Black experts
5.2.X and earlier
In a cross_process event type there is a key named "requested_acces", what is this value and how can it be decoded?
The value for for the key requested_acces is an access mask value as defined by Microsoft and is Windows specific. This value is included in cross_process event type to capture the access requested from one process to another. To understand what this value means:
https://msdn.microsoft.com/en-us/library/windows/desktop/ms684880(v=vs.85).aspx
In this case, it is specifying all STANDARD/SPECIFIC rights:
#define STANDARD_RIGHTS_ALL (0x001F0000L)
#define SPECIFIC_RIGHTS_ALL (0x0000FFFFL)
combined: 0x001FFFFFL (which equates to 1FFFFF)
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.