Filter by parent process + View child processes in event metadata #12
Assignees
Labels
accepted-request
This feature request has been initially accepted. We'll start digging.
rc-mac-feature-request
Comments
Brandon7CC
added
the
accepted-request
|
@AndrewMohawk I completely agree! Bringing child proc info to the foreground is something that I've had implemented before, but wanted to wait to think about how to display the telemetry more. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
At a high level -- can you summarize your request?
If I come across an event such as a bash being called from a process I'd like to be able to filter to find all other forks that the parent process executed. Alternatively if I have the event parent process in event viewer, I'd like to be able to see the children of that event.
Example: here I have sentineld_updater calling two bash scripts:
I'd like an easy way to be able to view all subprocesses from this parent/initiating process. Here is the event metadata I can view as well as then the initiating process:
What is the current alternative solution?
Identify the event as well as its parent and then use the search to try and narrow down events containing that name
The text was updated successfully, but these errors were encountered: