
Obtain process token integrity level

Open dfirence opened this issue 2 years ago • 5 comments

Greetings, thank you for your awesome sensor.

Can you extend the Process event to have the integrity levels for the parent and child process?

dfirence avatar Nov 02 '23 02:11 dfirence

Thanks @dfirence!

Process integrity level, privileges, token information, etc. is certainly on my radar. :)

If I provide some general guidelines on how to enrich process state with this new data, would you be able to pitch in and submit a PR?

rabbitstack avatar Nov 02 '23 19:11 rabbitstack

Hey @rabbitstack - No, because I don't know how to use GoLang correctly. Lemme peruse through your source and see how difficult it is.

dfirence avatar Nov 08 '23 02:11 dfirence

@dfirence you marked this issue as completed but I'm not seeing any backing PRs. Was this intended?

rabbitstack avatar Nov 17 '23 16:11 rabbitstack

@rabbitstack - Don't want to clog up your awesome repo. I cannot use Go for this myself; I can do it in Rust.

dfirence avatar Nov 20 '23 13:11 dfirence

Understood. It is fine to keep the issue open as I'll be tackling this in the near future.

rabbitstack avatar Nov 20 '23 14:11 rabbitstack