Motivation
The default rules lack a unique identifier for the processes that cause events, making it impossible to merge information with other sources in many cases.
Feature
Adding pid=%proc.pid to the output of all the default rules would be perfect. I could easily create a PR for this if necessary.
Alternatives
One could override all the rules and specify PIDs, or append to all their outputs if that functionality is added, but the number of default rules makes either option not appealing.
Additional context
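An added example, not part of the original issue or the project's code: joining alerts that carry the requested pid= suffix with a second data source. The alert line layout, the process table and all names in it are constructed assumptions. Because PIDs are recycled and repeat across hosts, the join also checks the host and the process lifetime.

```python
import re
from datetime import datetime

# Constructed sample data (not real rule output). The alert lines assume the
# rule outputs already end with the pid=%proc.pid suffix this issue asks for.
ALERTS = [
    "2024-05-01T10:00:05Z web-1 Warning Shell spawned in container (user=root cmd=sh pid=4242)",
    "2024-05-01T10:07:30Z web-1 Notice Sensitive file opened (user=app file=/etc/shadow pid=4242)",
    "2024-05-01T10:09:00Z web-1 Notice Outbound connection (user=app pid=977)",
]
# Hypothetical second source (e.g. an exec audit trail): host, pid, start, end, cmdline.
PROCS = [
    ("web-1", 4242, "2024-05-01T10:00:00Z", "2024-05-01T10:01:00Z", "sh -c id"),
    ("web-1", 4242, "2024-05-01T10:07:00Z", "2024-05-01T10:08:00Z", "cat /etc/shadow"),
    ("db-1", 977, "2024-05-01T10:08:00Z", "2024-05-01T10:10:00Z", "psql"),
]

# \b keeps "ppid=" from being mistaken for "pid=".
PID_RE = re.compile(r"\bpid=(\d+)\b")

def ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def parse_alert(line):
    """Split a constructed alert line into (time, host, pid); pid is None if absent."""
    when, host, _rest = line.split(" ", 2)
    m = PID_RE.search(line)
    return ts(when), host, int(m.group(1)) if m else None

def correlate(alerts, procs):
    """Attach the process record whose host, pid and lifetime match each alert."""
    index = {}
    for host, pid, start, end, cmd in procs:
        index.setdefault((host, pid), []).append((ts(start), ts(end), cmd))
    results = []
    for line in alerts:
        when, host, pid = parse_alert(line)
        # PIDs are recycled, so the key alone is not enough: require the alert
        # time to fall inside the lifetime of the candidate process.
        matches = [cmd for start, end, cmd in index.get((host, pid), [])
                   if start <= when <= end]
        results.append((line, matches[0] if len(matches) == 1 else None))
    return results

if __name__ == "__main__":
    for line, cmd in correlate(ALERTS, PROCS):
        print(f"{cmd or 'UNMATCHED':<18} <- {line}")
```

The third alert stays unmatched because PID 977 exists only on a different host in the second source.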