Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ProcessTree: add macOS specific loader and ES adapter (2/4) #1237

Merged
merged 9 commits into from
Feb 20, 2024

Conversation

kallsyms
Copy link
Contributor

@kallsyms kallsyms commented Nov 16, 2023

The process tree library is meant to be usable by Santa, other macOS agents, and even other OSs. This PR adds the macOS specific LoadPID to backfill running processes on startup, and an adapter to transform from EndpointSecurity events to mutations on the tree.

@pmarkowsky pmarkowsky changed the title ProcessTree: add macOS specific loader and ES adapter ProcessTree: add macOS specific loader and ES adapter (2/4) Nov 17, 2023
@kallsyms kallsyms force-pushed the pt-2 branch 3 times, most recently from c24c00f to 5ef4a29 Compare December 19, 2023 23:39
@kallsyms kallsyms force-pushed the pt-2 branch 2 times, most recently from b9129f6 to 5003da5 Compare February 5, 2024 23:16
@kallsyms kallsyms marked this pull request as ready for review February 5, 2024 23:16
@kallsyms kallsyms requested a review from a team as a code owner February 5, 2024 23:16
@kallsyms kallsyms merged commit 42eb0a3 into google:main Feb 20, 2024
9 checks passed
@kallsyms kallsyms deleted the pt-2 branch February 20, 2024 18:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants