processes
$ target-query <path/to/target> -f processes
Module |
|
Output |
|
Module documentation
Linux /proc process volatile plugin.
Function documentation
Return the processes available in /proc and the stats associated with them.
There is a numerical subdirectory for each running process; the subdirectory is named by the process ID.
Each /proc/[pid] subdirectory contains various pseudo-files.
Yields ProcProcessRecord with the following fields:
hostname (string): The target hostname.
domain (string): The target domain.
ts (datetime): The start time of the process.
name (string): The name of the process.
state (string): The state of the process.
pid (int): The process ID of the process.
runtime (datetime): The amount of time the process has been running up to the moment of acquisition.
ppid (int): The parent process ID of the process.
parent (string): The name of the parent process.
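The following added example (not the plugin's own code) shows how the fields above can be derived from the /proc/[pid]/stat pseudo-file and the btime value in /proc/stat, including a process name that contains spaces and parentheses. The sample data, the helper names `parse_stat` and `build_records`, and the `CLK_TCK` value of 100 are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

CLK_TCK = 100  # assumption: clock ticks per second (USER_HZ) on the acquired system

# Constructed sample data: /proc/[pid]/stat contents, the btime value from
# /proc/stat (boot time, epoch seconds) and the moment of acquisition.
SAMPLE_STAT = {
    1: "1 (systemd) S 0 1 1 0 -1 4194560 0 0 0 0 0 0 0 0 20 0 1 0 5 0 0",
    812: "812 (sshd) S 1 812 812 0 -1 4194560 0 0 0 0 0 0 0 0 20 0 1 0 1200 0 0",
    4242: "4242 (web (worker)) R 812 4242 812 0 -1 4194304 0 0 0 0 0 0 0 0 20 0 1 0 360000 0 0",
}
SAMPLE_BTIME = 1700000000
SAMPLE_ACQUIRED = datetime.fromtimestamp(1700003700, tz=timezone.utc)


def parse_stat(line):
    """Split one /proc/[pid]/stat line into pid, name, state, ppid, starttime."""
    # comm (field 2) is wrapped in parentheses and may itself contain spaces
    # and parentheses, so cut at the first "(" and the last ")" instead of
    # splitting the whole line on whitespace.
    open_idx, close_idx = line.index("("), line.rindex(")")
    rest = line[close_idx + 1:].split()
    return {
        "pid": int(line[:open_idx]),
        "name": line[open_idx + 1:close_idx],
        "state": rest[0],            # field 3
        "ppid": int(rest[1]),        # field 4
        "starttime": int(rest[19]),  # field 22: clock ticks since boot
    }


def build_records(stats, btime, acquired):
    """Return one dict per process with the fields listed above."""
    parsed = {pid: parse_stat(line) for pid, line in stats.items()}
    boot = datetime.fromtimestamp(btime, tz=timezone.utc)
    records = []
    for pid in sorted(parsed):
        p = parsed[pid]
        ts = boot + timedelta(seconds=p["starttime"] / CLK_TCK)
        parent = parsed.get(p["ppid"])  # ppid 0 has no /proc entry
        records.append({
            "pid": p["pid"], "name": p["name"], "state": p["state"],
            "ppid": p["ppid"], "parent": parent["name"] if parent else None,
            "ts": ts, "runtime": acquired - ts,
        })
    return records
```

Splitting the stat line on whitespace alone would shift every field after the name for PID 4242, which is why the name is cut out first.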