Closed eeriedusk closed 1 year ago
The lack of m_AuthenticationId CO-RE compilation flag in ebpfKern/sysmonProcCreate.c#L156 leads to missing ProcessCreate events user field.
m_AuthenticationId
The lack of
m_AuthenticationIdCO-RE compilation flag in ebpfKern/sysmonProcCreate.c#L156 leads to missing ProcessCreate events user field.