redcanaryco / surveyor

A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams.
MIT License
166 stars, 62 forks

[FR] Parent Process Name Support #131

Open rc-MikeDevens opened 11 months ago

rc-MikeDevens commented 11 months ago

Which category is the feature part of?

Which product is the feature part of?

Use Cases

For example, I might want to search for any instance in which an arbitrary child process of a given process made a file modification. That query might look something like parent_name:agent.exe AND filemod_name:file.txt.

Proposal

Add support for 'parent process name' to definition files.
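To make the request concrete, here is an added example (my own illustration, not code from the surveyor project) of how a 'parent process name' criterion in a definition entry could be rendered as the query string from the use case above and then evaluated against process events during a hunt. The definition-file key `parent_name`, the event field names, and the sample events are all assumptions constructed for this example; surveyor's real definition schema and query backends may differ.

```python
"""Added example, not surveyor's own code.

Shows (1) rendering a definition entry that carries a hypothetical
'parent_name' criterion into a query string of the form
'parent_name:agent.exe AND filemod_name:file.txt', and (2) applying the
same criteria to process events so a hunter can see which child processes
of a given parent touched a file.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Hypothetical definition entry, modelled on the issue's example query.
# The keys 'parent_name' and 'filemod_name' are assumed, not surveyor's schema.
DEFINITION: Dict[str, Dict[str, List[str]]] = {
    "Agent child process modified file": {
        "parent_name": ["agent.exe"],
        "filemod_name": ["file.txt"],
    }
}


def build_query(criteria: Dict[str, List[str]]) -> str:
    """Render one definition entry as a field:value query joined with AND.

    Multiple values for the same field are OR'ed inside parentheses.
    """
    clauses = []
    for field_name, values in criteria.items():
        if len(values) == 1:
            clauses.append(f"{field_name}:{values[0]}")
        else:
            alternatives = " OR ".join(f"{field_name}:{v}" for v in values)
            clauses.append(f"({alternatives})")
    return " AND ".join(clauses)


@dataclass
class ProcessEvent:
    """Minimal process record (constructed shape, not a vendor schema)."""
    process_name: str
    parent_name: str
    filemods: List[str] = field(default_factory=list)  # full paths written


def _basename(path: str) -> str:
    # Handle both Windows and POSIX separators so criteria can use bare names.
    return re.split(r"[\\/]", path)[-1]


def matches(event: ProcessEvent, criteria: Dict[str, List[str]]) -> bool:
    """True when the event satisfies every field in the criteria (AND)."""
    for field_name, values in criteria.items():
        wanted = {v.lower() for v in values}
        if field_name == "filemod_name":
            touched = {_basename(p).lower() for p in event.filemods}
            if not wanted & touched:
                return False
        else:
            actual = getattr(event, field_name, "")
            if actual.lower() not in wanted:
                return False
    return True


def hunt(events: List[ProcessEvent],
         definition: Dict[str, Dict[str, List[str]]]) -> Dict[str, List[ProcessEvent]]:
    """Evaluate every definition entry against the events; return hits per entry."""
    return {label: [e for e in events if matches(e, criteria)]
            for label, criteria in definition.items()}


# Constructed sample events: one matching child of agent.exe, two that do not.
EVENTS = [
    ProcessEvent("cmd.exe", "agent.exe", [r"C:\Temp\file.txt"]),
    ProcessEvent("cmd.exe", "explorer.exe", [r"C:\Temp\file.txt"]),
    ProcessEvent("powershell.exe", "agent.exe", [r"C:\Temp\other.log"]),
]

if __name__ == "__main__":
    for label, criteria in DEFINITION.items():
        print(f"{label}: {build_query(criteria)}")
    for label, hits in hunt(EVENTS, DEFINITION).items():
        for hit in hits:
            print(f"  hit: {hit.parent_name} -> {hit.process_name} wrote {hit.filemods}")
```

Matching on the parent name rather than on a specific child name is what makes the criterion useful for hunting: the definition names the trusted parent once, and any child it spawns that touches the file surfaces as a hit.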