Report PID of process that caused alert

Question

Report PID of process that caused alert

Opened this issue 4 years ago · 0 comments

When TMPWatcher sends an alert, it should report which PID caused the alert so that an analyst can quickly and easily perform a root cause analysis.

Investigate using BPF and/or fanotify to achieve this. This feature may need to be enabled/disabled depending on what version of the linux kernel is running.