santa icon indicating copy to clipboard operation
santa copied to clipboard

Published 20 hours ago verified publisher icon google

ProcessTree: add macOS specific loader and ES adapter (2/4)

Open kallsyms opened this issue 7 months ago • 0 comments

The process tree library is meant to be usable by Santa, other macOS agents, and even other OSs. This PR adds the macOS specific LoadPID to backfill running processes on startup, and an adapter to transform from EndpointSecurity events to mutations on the tree.

kallsyms avatar Nov 16 '23 19:11 kallsyms