This tool (SNARE), again, seems to treat the 'string' field of the
reported event as one opaque field, which makes the extraction of the
parent PID very difficult for an automated parser.
I'm not interested in just finding all process creation events, but rather
in correlation between process creation...