Processes
To navigate to the Processes dossier in the Lacework Console, click Resources > Host > Processes. For information about filtering dossier data, see Dossier Navigation and Filters.
Dashboard
These graphs aggregate data for all applications. Available graphs present CPU usage, memory usage, and network-related information such as connections and bytes.
Related alerts
Alerts for processes where Lacework agents are installed.
Polygraphs
See View the Lacework Polygraph
Unique process details
This table lists processes observed across hosts. Available information includes PID, process start and end times, command line used to launch, parent PID and other relevant information.
List of applications
This table displays observed applications across all machines.
Active listening ports
This table displays any open ports on the host. Note that the displayed ports are open locally and any blocks by firewalls or iptables are not reflected.
Executable versions
This table displays a detailed view of applications that includes path, hash, package info, and version, when it can be determined.
Command line by executable
This table displays observed applications including the command line that was used to launch the process. This information can be useful for getting more insight into any arguments passed to the process at launch time.
Applications information
This table displays the username and hostname for all observed applications.
TCP and UDP Tables
The information in these tables is related to network connections as they relate to processes.
The tables display internal and external connections, with TCP and UDP presented separately. Information about ports, bytes transferred, destination, etc. are displayed in the relevant tables.