Currently, there's a "lineage" attribute as part of the Process object, which is defined as:
"The lineage of the process, represented by a list of paths for each ancestor process. For example: ['/usr/sbin/sshd', '/usr/bin/bash', '/usr/bin/whoami']."
That's very useful, but not accurate, given that it provides only the paths and there could be many processes with the same paths, etc.
The proposal is to add a lineage_uids attribute that will include the uids (unique identifiers) of all ancestor processes, for better and more accurate tracking of the process lineage.
It's still optional, but consumers can easily look here to reconstruct the "process tree" of a given Process object, given the field is provided. (Most of the time, endpoint products have the process tree in memory or are able to reconstruct it before generating the Process object.)
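The ambiguity described in the issue, as an added example that is not part of the original issue or the schema project's code: three constructed process events whose path-only lineage is identical, rebuilt into a tree once from paths and once from the proposed `lineage_uids`. The field layout is an assumption (`uid` is the process's own identifier; both lists hold ancestors only, oldest first), and `build_tree` and `siblings_of` are hypothetical helper names.

```python
from collections import defaultdict

# Constructed sample events. Assumed layout: "uid" is the process's own unique
# id; "lineage" / "lineage_uids" list ancestors only, oldest first.
EVENTS = [
    {"uid": "p-301", "path": "/usr/bin/whoami",
     "lineage": ["/usr/sbin/sshd", "/usr/bin/bash"],
     "lineage_uids": ["p-100", "p-201"]},
    {"uid": "p-302", "path": "/usr/bin/curl",
     "lineage": ["/usr/sbin/sshd", "/usr/bin/bash"],
     "lineage_uids": ["p-100", "p-202"]},   # a different bash instance
    {"uid": "p-303", "path": "/usr/bin/id",
     "lineage": ["/usr/sbin/sshd", "/usr/bin/bash"],
     "lineage_uids": ["p-100", "p-201"]},
]


def build_tree(events, key):
    """Return {parent: {children}} by chaining each event's ancestor list."""
    children = defaultdict(set)
    for ev in events:
        own = ev["uid"] if key == "lineage_uids" else ev["path"]
        # The field is optional: an event without it contributes no edges.
        chain = list(ev.get(key) or []) + [own]
        for parent, child in zip(chain, chain[1:]):
            children[parent].add(child)
    return dict(children)


def siblings_of(events, key, uid):
    """uids of processes that share the direct parent of `uid` under `key`."""
    target = next(ev for ev in events if ev["uid"] == uid)
    ancestors = target.get(key) or []
    if not ancestors:
        return []  # no lineage recorded, so nothing can be inferred
    parent = ancestors[-1]
    return sorted(ev["uid"] for ev in events
                  if ev["uid"] != uid and (ev.get(key) or [None])[-1] == parent)


if __name__ == "__main__":
    print("by path:", build_tree(EVENTS, "lineage"))
    print("by uid: ", build_tree(EVENTS, "lineage_uids"))
    print("siblings of p-301 by path:", siblings_of(EVENTS, "lineage", "p-301"))
    print("siblings of p-301 by uid: ", siblings_of(EVENTS, "lineage_uids", "p-301"))
```

With paths alone, both bash sessions collapse into one node and `curl` appears to share a shell with `whoami`; with uids the two sessions stay separate.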