Report PID of process that caused alert
Opened this issue · 0 comments
mssalvatore commented
When TMPWatcher sends an alert, it should report which PID caused the alert so that an analyst can quickly and easily perform a root cause analysis.
Investigate using BPF and/or fanotify to achieve this. This feature may need to be enabled/disabled depending on what version of the Linux kernel is running.
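Added example (not TMPWatcher code, and not something the issue says exists): a minimal fanotify watcher in C that shows where the PID comes from. Every fanotify event carries a `pid` field in `struct fanotify_event_metadata`, so the accessor's PID is available without BPF on any kernel with fanotify (Linux 2.6.37+); the caveats are that `fanotify_init()` needs CAP_SYS_ADMIN, that the field holds the thread ID instead if `FAN_REPORT_TID` is requested (Linux 5.1+), that the watcher must drop events caused by its own PID, and that the process may already have exited by the time the alert is handled. The watched path `/tmp`, the event mask and the `tmpwatch_event` struct are assumptions made for this example; the sample event in `make_sample()` is constructed, not captured.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/fanotify.h>

/* One decoded fanotify event. pid is the accessing process's PID (the TID
 * instead if fanotify_init() was given FAN_REPORT_TID, Linux 5.1+). */
struct tmpwatch_event {
    pid_t pid;
    int fd;                     /* open fd on the object, or FAN_NOFD */
    unsigned long long mask;    /* FAN_* bits describing what happened */
    char path[PATH_MAX];        /* resolved via /proc/self/fd, "" if none */
};

/* Decode the event at the front of buf. Returns bytes consumed, or 0 if the
 * buffer is short or carries a metadata version we do not understand. */
size_t decode_event(const char *buf, size_t len, struct tmpwatch_event *out)
{
    const struct fanotify_event_metadata *md =
        (const struct fanotify_event_metadata *)buf;
    if (len < sizeof *md || md->event_len < sizeof *md || md->event_len > len)
        return 0;
    if (md->vers != FANOTIFY_METADATA_VERSION)
        return 0;
    out->pid = md->pid;
    out->fd = md->fd;
    out->mask = md->mask;
    out->path[0] = '\0';
    if (md->fd >= 0) {              /* resolve the fd to a path for the analyst */
        char link[64];
        snprintf(link, sizeof link, "/proc/self/fd/%d", md->fd);
        ssize_t n = readlink(link, out->path, sizeof out->path - 1);
        out->path[n > 0 ? n : 0] = '\0';
    }
    return md->event_len;
}

/* Best-effort command name of the accessor. Returns 0 when /proc/<pid> is
 * gone: the process may exit before the alert is handled, so the PID is a
 * lead for root-cause analysis, not proof of what is still running. */
int read_comm(pid_t pid, char *out, size_t n)
{
    char p[64];
    snprintf(p, sizeof p, "/proc/%d/comm", (int)pid);
    FILE *f = fopen(p, "r");
    if (!f) return 0;
    int ok = fgets(out, (int)n, f) != NULL;
    fclose(f);
    if (ok) out[strcspn(out, "\n")] = '\0';
    return ok;
}

/* Constructed (not captured) event used to exercise decode_event(). */
struct fanotify_event_metadata make_sample(pid_t pid, unsigned long long mask)
{
    struct fanotify_event_metadata md;
    memset(&md, 0, sizeof md);
    md.event_len = FAN_EVENT_METADATA_LEN;
    md.vers = FANOTIFY_METADATA_VERSION;
    md.metadata_len = FAN_EVENT_METADATA_LEN;
    md.mask = mask;
    md.fd = FAN_NOFD;
    md.pid = pid;
    return md;
}

/* Decode a sample carrying pid, pretending read() returned len bytes.
 * Returns the decoded pid, or -1 if the decoder rejected the buffer. */
pid_t sample_pid(pid_t pid, size_t len)
{
    struct fanotify_event_metadata md = make_sample(pid, FAN_CLOSE_WRITE);
    struct tmpwatch_event ev;
    if (decode_event((const char *)&md, len, &ev) == 0) return -1;
    return ev.pid;
}

int main(int argc, char **argv)
{
    const char *dir = argc > 1 ? argv[1] : "/tmp";   /* assumed watch target */
    int fan = fanotify_init(FAN_CLOEXEC | FAN_CLASS_NOTIF, O_RDONLY | O_LARGEFILE);
    if (fan < 0) { perror("fanotify_init (needs CAP_SYS_ADMIN)"); return 1; }
    if (fanotify_mark(fan, FAN_MARK_ADD, FAN_CLOSE_WRITE | FAN_EVENT_ON_CHILD,
                      AT_FDCWD, dir) < 0) { perror("fanotify_mark"); return 1; }
    pid_t self = getpid();
    char buf[4096] __attribute__((aligned(8)));
    for (;;) {
        ssize_t n = read(fan, buf, sizeof buf);
        if (n < 0) { if (errno == EINTR) continue; perror("read"); return 1; }
        for (size_t off = 0; off < (size_t)n; ) {
            struct tmpwatch_event ev;
            size_t used = decode_event(buf + off, (size_t)n - off, &ev);
            if (used == 0) break;
            off += used;
            /* Drop our own events, or the watcher alerts on its own activity. */
            if (ev.pid != self) {
                char comm[32] = "<exited>";
                read_comm(ev.pid, comm, sizeof comm);
                printf("ALERT pid=%d comm=%s mask=0x%llx path=%s\n",
                       (int)ev.pid, comm, ev.mask, ev.path);
            }
            if (ev.fd >= 0) close(ev.fd);   /* every event fd must be closed */
        }
    }
}
```

Run it as root with `./watch /tmp`, then `echo x > /tmp/t` from another shell: the alert names the shell's PID, because the fanotify-reported PID is the process that performed the close-after-write, which is exactly the attribution the issue asks for. A BPF approach would give the same PID plus the parent PID and argv at event time, which matters for short-lived processes that are gone before `/proc/<pid>` can be read.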