sysmon-process-tree command does not show root process
#54
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
sysmon-process-treecommand does not show root processes likeexplorer.exebecause those processes start up before sysmon and do not have a log that the process was launched. However, we can still get the parent process name and GUID from the parent process field information indirectly so I would like to output the parent root process as well.Because we are outputting the child processes recursively, if we outputted all child processes from the root process it would be too much information, so in case of the root process, I don't want to output the other child processes.
If a user specifies a root process GUID, then recursively all child process information of that root process should be outputted.
@fukusuket Could I ask you to do this issue?
The text was updated successfully, but these errors were encountered: