Skip to main content

Processes

To navigate to the Processes dossier in the Lacework Console, click Resources > Host > Processes. For information about filtering dossier data, see Dossier Navigation and Filters.

Dashboard

These graphs aggregate data for all applications. Available graphs present CPU usage, memory usage, and network-related information such as connections and bytes.

Alerts for processes where Lacework agents are installed.

Polygraphs

See View the Lacework Polygraph

Unique process details

This table lists processes observed across hosts. Available information includes PID, process start and end times, command line used to launch, parent PID and other relevant information.

List of applications

This table displays observed applications across all machines.

Active listening ports

This table displays any open ports on the host. Note that the displayed ports are open locally and any blocks by firewalls or iptables are not reflected.

Executable versions

This table displays a detailed view of applications that includes path, hash, package info, and version, when it can be determined.

Command line by executable

This table displays observed applications including the command line that was used to launch the process. This information can be useful for getting more insight into any arguments passed to the process at launch time.

Applications information

This table displays the username and hostname for all observed applications.

TCP and UDP Tables

The information in these tables is related to network connections as they relate to processes.

The tables display internal and external connections, with TCP and UDP presented separately. Information about ports, bytes transferred, destination, etc. are displayed in the relevant tables.