[FR] Parent Process Name Support #131

Open
2 of 10 tasks
rc-MikeDevens opened this issue Jul 24, 2023 · 0 comments · May be fixed by #139

@rc-MikeDevens

Which category is the feature part of?

  • Definition File
  • Code/Logic Feature
  • Other (please explain)

Which product is the feature part of?

  • All Products
  • Carbon Black Response
  • Carbon Black Threat Hunter
  • Defender for Endpoints
  • SentinelOne
  • Cortex
  • Other

Use Cases

For example, I might want to search for any instance where an arbitrary child process of a given process made a file modification. That query might look something like parent_name:agent.exe AND filemod_name:file.txt.

Proposal

Add support for 'parent process name' to definition files.

@rc-csmith rc-csmith linked a pull request Jul 26, 2023 that will close this issue
@rc-csmith rc-csmith self-assigned this Jul 26, 2023