Make attributes that compose a fingerprint configurable #26

Open
joshrosso opened this issue Jan 4, 2023 · 0 comments
Labels
kind/feature adds (or enhances) new functionality milestone/backlog no target release (work unplanned)

Comments

@joshrosso
Contributor

Today, to generate a process fingerprint (proctor fp), we take the checksum value of the process and its parents' SHAs and combine them to create a new checksum, which is the fingerprint.

The primary use-case of fingerprinting is anomaly detection. As such, the only variance that would cause a different SHA is if the binary of the process or parent process changes. This may not be enough for all users.

This issue proposes introducing configuration where a user may choose the attributes of a process that should be used to generate the fingerprint. This configuration should be global to proctor and stored in a configuration file. Proctor's parsing of this configuration file should then be passed into plib when gathering data.

@joshrosso joshrosso added milestone/backlog no target release (work unplanned) kind/feature adds (or enhances) new functionality labels Jan 4, 2023
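
A sketch of the proposal in this issue, added here as an example and not taken from proctor or plib: the `Proc` struct, the attribute names (`binary_sha`, `cmdline`, `user`) and the sample process tree are hypothetical. With only the binary checksums selected, a changed command line leaves the fingerprint unchanged; selecting `cmdline` as well makes it differ.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Proc is a hypothetical process record; it is not plib's type.
type Proc struct {
	BinarySHA string // checksum of the executable on disk
	Cmdline   string
	User      string
	Parent    *Proc // nil at the root of the process tree
}

// attrs maps hypothetical config keys to the process field they select.
var attrs = map[string]func(*Proc) string{
	"binary_sha": func(p *Proc) string { return p.BinarySHA },
	"cmdline":    func(p *Proc) string { return p.Cmdline },
	"user":       func(p *Proc) string { return p.User },
}

// Fingerprint hashes the selected attributes of p and each ancestor, length-prefixing every value.
func Fingerprint(p *Proc, selected []string) (string, error) {
	h := sha256.New()
	for cur := p; cur != nil; cur = cur.Parent {
		for _, name := range selected {
			get, ok := attrs[name]
			if !ok {
				return "", fmt.Errorf("unknown fingerprint attribute %q", name)
			}
			v := get(cur)
			fmt.Fprintf(h, "%s=%d:%s;", name, len(v), v)
		}
	}
	return hex.EncodeToString(h.Sum(nil)), nil
}

// sample builds a constructed two-level tree: sshd -> bash.
func sample(cmdline string) *Proc {
	sshd := &Proc{BinarySHA: "aa11", Cmdline: "sshd -D", User: "root"}
	return &Proc{BinarySHA: "bb22", Cmdline: cmdline, User: "dev", Parent: sshd}
}

func main() {
	a, _ := Fingerprint(sample("bash"), []string{"binary_sha"})
	b, _ := Fingerprint(sample("bash -c ./job.sh"), []string{"binary_sha"})
	fmt.Println("binary only, same fingerprint:", a == b)
}
```

Rejecting unknown attribute names, rather than skipping them, keeps a typo in the configuration file from silently narrowing what the fingerprint covers.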