Auto-Generated Documentation
This set of documentation is automatically generated from source, and will help ensure any change to functionality will always be documented and available on release.
Process¶
These fields contain information about a process.
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| args | List [Keyword] | Array of process arguments, starting with the absolute path to the executable. | Optional | None |
| args_count | Integer | Length of the process.args array. | Optional | None |
| command_line | Keyword | Full command line that started the process, including the absolute path to the executable, and all arguments. | Optional | None |
| end | Date | None | Optional | None |
| entity_id | Keyword | Unique identifier for the process. | Optional | None |
| env_vars | Mapping [Keyword] | Environment variables (env_vars) set at the time of the event. May be filtered to protect sensitive information. | Optional | None |
| executable | Keyword | Absolute path to the process executable. | Optional | None |
| exit_code | Integer | The exit code of the process, if this is a termination event. | Optional | None |
| interactive | Boolean | Whether the process is connected to an interactive shell. | Optional | None |
| name | Keyword | Process name. | Optional | None |
| parent | List [ParentProcess] | Information about the parent process. | Optional | None |
| pid | Integer | Process id. | Optional | None |
| same_as_process | Boolean | This boolean is used to identify if a leader process is the same as the top level process. | Optional | None |
| start | Date | The time the process started. | Optional | None |
| title | Keyword | Process title. | Optional | None |
| uptime | Integer | Seconds the process has been up. | Optional | None |
| user | ShortUser | The effective user (euid). | Optional | None |
| working_directory | Keyword | The working directory of the process. | Optional | None |