To navigate to the Processes dossier in the Lacework Console, click Resources > Host > Processes. For information about filtering dossier data, see Dossier Navigation and Filters.
These graphs aggregate data for all applications. Available graphs present CPU usage, memory usage, and network-related information such as connections and bytes.
Alerts for processes where Lacework agents are installed.
Unique process details
This table lists processes observed across hosts. Available information includes PID, process start and end times, command line used to launch, parent PID and other relevant information.
List of applications
This table displays observed applications across all machines.
Active listening ports
This table displays any open ports on the host. Note that the displayed ports are open locally and any blocks by firewalls or iptables are not reflected.
This table displays a detailed view of applications that includes path, hash, package info, and version, when it can be determined.
Command line by executable
This table displays observed applications including the command line that was used to launch the process. This information can be useful for getting more insight into any arguments passed to the process at launch time.
This table displays the username and hostname for all observed applications.
TCP and UDP Tables
The information in these tables is related to network connections as they relate to processes.
The tables display internal and external connections, with TCP and UDP presented separately. Information about ports, bytes transferred, destination, etc. are displayed in the relevant tables.