Data Source: Linux Auditd Proctitle

Description

Records the command line of a process on a Linux system as captured by the kernel audit subsystem. A PROCTITLE record is emitted alongside the SYSCALL and EXECVE records that share the same audit event id (the `audit(timestamp:serial)` value in msg) and carries the contents of /proc/PID/cmdline: argv elements separated by NUL bytes. Because the value almost always contains NULs, auditd hex-encodes it; a short single-word command line with no whitespace or control characters is emitted as a double-quoted string instead. Two caveats matter for detection: the kernel captures only a fixed-length prefix (MAX_PROCTITLE_AUDIT_LEN, 128 bytes), so long command lines are truncated, and the value is read from the process's own memory at syscall exit, so a process that rewrites its argv can alter what is logged. Correlate with the EXECVE record (a0, a1, ...) of the same event, which is captured at exec time, when the exact arguments matter.

Details

Property     Value
Source       auditd
Sourcetype   auditd
Separator    type

Supported Apps

Event Fields

Fields

  proctitle
  msg
  type

Example Log

type=PROCTITLE msg=audit(1722944427.844:4146): proctitle=63686D6F640037373700312E7368

Decoded, the hex proctitle value is the NUL-separated argv "chmod", "777", "1.sh", i.e. the command chmod 777 1.sh; the event id 1722944427.844:4146 links it to the SYSCALL and EXECVE records of the same execution.
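The parser below is an added example, not part of this data source definition or of the auditd project. It splits a PROCTITLE record into its event timestamp and serial and decodes the proctitle value in both forms auditd emits: a hex string of the raw bytes (NUL between arguments) or a double-quoted printable string. The class and function names are the example's own, and the sample records are constructed here; the first sample is the log line shown above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample records for this example. The first is the page's example log line;
# the second shows the quoted form auditd uses for a printable, whitespace-free command line;
# the third is a non-PROCTITLE record the parser must ignore.
SAMPLE_RECORDS = [
    'type=PROCTITLE msg=audit(1722944427.844:4146): proctitle=63686D6F640037373700312E7368',
    'type=PROCTITLE msg=audit(1722944430.001:4150): proctitle="ls"',
    'type=SYSCALL msg=audit(1722944427.844:4146): arch=c000003e syscall=59 success=yes exit=0',
]

# Common auditd record prefix: type=<TYPE> msg=audit(<epoch.millis>:<serial>): <body>
MSG_RE = re.compile(
    r'^type=(?P<type>\S+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): (?P<body>.*)$'
)
# proctitle value: either "quoted" or a bare token (hex string)
PROCTITLE_RE = re.compile(r'proctitle=(?:"(?P<quoted>[^"]*)"|(?P<raw>\S+))')


@dataclass
class ProctitleRecord:
    timestamp: float        # seconds since the epoch, from msg=audit(ts:serial)
    serial: int             # audit event serial, shared with SYSCALL/EXECVE of the same event
    argv: List[str]         # decoded command line, one element per argument
    hex_encoded: bool       # True when auditd emitted the value as hex


def decode_proctitle_value(value: str, quoted: bool):
    """Return (argv, hex_encoded) for a proctitle= value.

    Quoted values are emitted only when the command line has no NUL, whitespace or
    control characters, so they are a single argv element. Otherwise the value is the
    raw /proc/<pid>/cmdline bytes in hex, with NUL separating the arguments.
    """
    if quoted:
        return [value], False
    raw = bytes.fromhex(value)  # raises ValueError on a malformed hex token
    # cmdline may carry a trailing NUL; strip it before splitting so it does not
    # produce an empty final argument
    parts = raw.rstrip(b"\x00").split(b"\x00")
    return [p.decode("utf-8", errors="replace") for p in parts], True


def parse_proctitle_record(line: str) -> Optional[ProctitleRecord]:
    """Parse one auditd line; return None for non-PROCTITLE or malformed records."""
    m = MSG_RE.match(line.strip())
    if not m or m.group("type") != "PROCTITLE":
        return None
    pm = PROCTITLE_RE.search(m.group("body"))
    if not pm:
        return None
    if pm.group("quoted") is not None:
        argv, hex_enc = decode_proctitle_value(pm.group("quoted"), quoted=True)
    else:
        argv, hex_enc = decode_proctitle_value(pm.group("raw"), quoted=False)
    return ProctitleRecord(float(m.group("ts")), int(m.group("serial")), argv, hex_enc)


def command_line(rec: ProctitleRecord) -> str:
    """Render argv as a space-joined command line for display or matching."""
    return " ".join(rec.argv)


if __name__ == "__main__":
    for line in SAMPLE_RECORDS:
        rec = parse_proctitle_record(line)
        if rec is not None:
            print(f"{rec.serial}: {command_line(rec)} (hex={rec.hex_encoded})")
```

Matching on the decoded argv rather than on the raw hex string is what makes rules portable: the same command produces a different hex token whenever an argument changes by one character, while the decoded list can be checked element by element (argv[0] for the binary, the rest for its parameters).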

Source: GitHub | Version: 2