Processes
Overview
Section titled “Overview”Evidence: Processes
Description: Collect process list
Category: System
Platform: linux
Short Name: process
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
Section titled “Background”Process information on AIX systems provides detailed records of running processes, their attributes, and system resource usage. This data is essential for understanding system activity, detecting malicious processes, and investigating process-related security incidents. AIX process information includes process IDs, command lines, resource usage, and execution context.
Data Collected
Section titled “Data Collected”This collector gathers structured data about processes.
Processes Data
Section titled “Processes Data”| Field | Description | Example |
|---|---|---|
CWD | CWD | Example value |
ChildrenMajorFaults | Children Major Faults | 123 |
ChildrenMinorFaults | Children Minor Faults | 123 |
Command | Command | Example value |
CommandLine | Command Line | Example value |
EffectiveGroupId | Effective Group Id | 123 |
EffectiveUserId | Effective User Id | 123 |
EffectiveUserName | Effective User Name | Example value |
Environment | Environment | Example value |
Executable | Executable | Example value |
IsExecutableExists | Is Executable Exists | true |
Hash | Hash | Example value |
FileDescriptors | File Descriptors | Example value |
Flags | Flags | 123 |
GroupId | Group Id | 123 |
MajorFaults | Major Faults | 123 |
Maps | Maps | [] |
MinorFaults | Minor Faults | 123 |
Nice | Nice | 123 |
ParentId | Parent Id | 123 |
Priority | Priority | 123 |
ProcessId | Process Id | 123 |
RealGroupId | Real Group Id | 123 |
RealUserId | Real User Id | 123 |
ResidentSize | Resident Size | 123 |
SavedGroupId | Saved Group Id | 123 |
SavedUserId | Saved User Id | 123 |
SessionId | Session Id | 123 |
State | State | Example value |
Threads | Threads | 123 |
TpgId | Tpg Id | 123 |
TtyNr | Tty Nr | 123 |
RealUserName | Real User Name | Example value |
SavedUserName | Saved User Name | Example value |
VMSize | VM Size | 123 |
CSTime | CS Time | 123 |
CUTime | CU Time | 123 |
SystemTime | System Time | 123 |
StartTime | Start Time | 123 |
StartDateTime | Start Date Time | 2023-10-15 14:30:25+03:00 |
UserTime | User Time | 123 |
Collection Method
Section titled “Collection Method”This collector parses the necessary data from system process information and file system.
Forensic Value
Section titled “Forensic Value”This evidence is crucial for forensic investigations as it provides comprehensive process information for AIX systems. It helps investigators understand system activity, detect malicious processes, and investigate process-related attacks. The data can reveal running applications, resource usage patterns, and execution context. Analysts can use this information to identify suspicious processes, trace process relationships, and assess AIX system security posture.