Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider adding an equivalent field to endgame.parent_process_name in ECS #597

Closed
andrew-goldstein opened this issue Oct 25, 2019 · 1 comment · Fixed by #612
Closed

Consider adding an equivalent field to endgame.parent_process_name in ECS #597

andrew-goldstein opened this issue Oct 25, 2019 · 1 comment · Fixed by #612

Comments

@andrew-goldstein
Copy link
Contributor

In the current version of ECS (1.2 at the time of this writing), the ECS Process fields have a field to store parent process id:

process.ppid

, however I'm not seeing a field to store the parent process name, which would be equivalent to:

endgame.parent_process_name

Please consider adding an equivalent field to endgame.parent_process_name in ECS.

Originally posted by @andrew-goldstein in #589 (comment)
@webmat
Copy link
Contributor

webmat commented Oct 28, 2019

I agree with this, makes a lot of sense.

@webmat webmat mentioned this issue Nov 15, 2019
Merged
@rw-access rw-access mentioned this issue Nov 26, 2019
Closed
40 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add process.parent by duplicating all fields explicitly webmat/ecs
2 participants
@webmat @andrew-goldstein