To navigate to the Processes dossier in the Lacework Console, click Resources > Host > Processes. See Dossier Navigation and Filters for information about filtering dossier data.
These charts aggregate data for all applications. Available charts present CPU usage, memory usage, and network-related information such as connections and bytes.
The timeline displays events that match the date/time filter and any optional parameter filters set at the top of the page.
These Polygraphs display all observed network activity from running applications. Available Polygraphs include Application Communication, Application Launch, and Insider Behavior.
Displayed information includes any connections made to or from an application and the number of connections. Also available are internal connections to other applications running on the host and external connections to hosts. Any external connections made to known bad domains or IPs are flagged.
Unique Process Details
This table lists processes observed across hosts. Available information includes PID, process start and end times, the command line used to launch the process, parent PID, and other relevant information.
List of Applications
This table displays observed applications across all machines.
Active Listening Ports
This table displays any open ports on the host. Note that the displayed ports are open locally; any blocking by firewalls or iptables is not reflected.
This table displays a detailed view of applications that includes path, hash, package info, and version, when it can be determined.
Command Line by Executable
This table displays observed applications, including the command line that was used to launch the process. This information can be useful for getting more insight into any arguments passed to the process at launch time.
This table displays the username and hostname for all observed applications.
TCP and UDP Tables
These tables present network connection information as it relates to processes.
The tables display internal and external connections, with TCP and UDP presented separately. Information about ports, bytes transferred, destination, etc. is displayed in the relevant tables.