Closed thehesiod closed 5 years ago
msuozzo
commented
5 years ago I think this was another thing we dropped from the schema after we implemented Event deduping (since parent_name didn't have a 1:1 associated with the Event anymore). While I certainly think it's reasonable for you to add it if you need it, I'm not sure Upvote should commit to storing all values sent from Santa. Where do you see this information being surfaced?
thehesiod
commented
5 years ago parent_name is coming from the events sent via santad via sync...so I'm not sure what you mean it doesn't have a 1:1 association with event. It has the same behavior as event_type, given it means the most recent parent_name a said event occurred with. Given I've described a useful scenario for displaying this information it seems useful no?
thehesiod
commented
5 years ago thehesiod
commented
5 years ago closing in favor of https://github.com/google/upvote/issues/24
this key is sent via santa, but is not stored to the events datastore table...this is useful when things are marked as run as root, so we can see if it was called via sudo or not.