threathunters-io / laurel

Transform Linux Audit logs for SIEM usage
GNU General Public License v3.0

Add test demonstrating process tracking confusion #168

Closed hillu closed 1 year ago

hillu commented 1 year ago

This is based upon data observed in production systems. Due to PID reuse, the wrong process metadata could be used for PID enrichment.
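An added illustration of the PID-reuse confusion described in this comment; it is not part of the pull request and is not laurel's code. The event model, PIDs and paths are constructed, and tracking fork and exit events is shown as one possible mitigation, which is an assumption rather than the project's fix.

```rust
use std::collections::HashMap;

// Constructed, simplified event model (hypothetical; not laurel's types).
enum Ev {
    Exec { pid: u32, exe: &'static str },
    Fork { parent: u32, child: u32 },
    Exit { pid: u32 },
}

// Replay events into a pid -> exe table. With `track_lifecycle` false, only
// exec events update the table, so an entry survives its process's exit.
fn replay(events: &[Ev], track_lifecycle: bool) -> HashMap<u32, &'static str> {
    let mut table = HashMap::new();
    for ev in events {
        match *ev {
            Ev::Exec { pid, exe } => { table.insert(pid, exe); }
            Ev::Fork { parent, child } if track_lifecycle => {
                // A forked child runs its parent's image until it execs.
                match table.get(&parent).copied() {
                    Some(exe) => { table.insert(child, exe); }
                    None => { table.remove(&child); } // unknown beats stale
                }
            }
            Ev::Exit { pid } if track_lifecycle => { table.remove(&pid); }
            _ => {}
        }
    }
    table
}

// Constructed sequence: PID 4242 belongs to sshd, exits, and is then handed
// to a child forked by cron (PID 900) that has not called exec yet.
fn sample() -> Vec<Ev> {
    vec![
        Ev::Exec { pid: 900, exe: "/usr/sbin/cron" },
        Ev::Exec { pid: 4242, exe: "/usr/sbin/sshd" },
        Ev::Exit { pid: 4242 },
        Ev::Fork { parent: 900, child: 4242 },
    ]
}

fn main() {
    let naive = replay(&sample(), false);
    let tracked = replay(&sample(), true);
    println!("exec-only table:  4242 -> {:?}", naive.get(&4242));
    println!("lifecycle table:  4242 -> {:?}", tracked.get(&4242));
}
```

In the exec-only table, any later record enriched by PID 4242 is attributed to the exited sshd process, which is the kind of misattribution an analyst would then see in the SIEM.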