Entity id desc #1
Draft
Commits on Nov 29, 2023
-
Update process.entity_id description with recommended generation methods
Update the process.entity_id description with recommended generation methods. These methods will allow entity_id to be generated reproducibly, while being unique to a process. If different data source collectors use the recommeded generation method, and observe events from the same process, they will generate the same entity_id, and it will be possible to corralate the events and identify them as belonging to the same process later.
-
Commits on Dec 7, 2023
-
Re-order fields in entity_id definition
Re-order the entity_id fields to have the PID, start time first. To improve human readability and scanning effeciency, the fields that change most often are first. Also redefined Windows entity_id to use existing Windows process fields that are more likely to be unique for the process.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.