Home

Searching for CRS Process Events

Use the search tokens below to search for Process events.

actionaction

Enter the action for your file event (LAUNCH, TERMINATE).

Example

Find the process events having action as 'LAUNCH'.

action: LAUNCH

statusstatus

Enter the status of your cluster (SUCCESS, UNKOWN, FAILURE).

Example

Find the process events having status as 'SUCCESS'.

status: SUCCESS

actor.process.nameactor.process.name

Enter the acting process name.

Example

Show the process events based on the specified acting process name.

actor.process.name: /usr/bin/cat

actor.process.container.nameactor.process.container.name

Enter the acting process container name.

Example

Show the process events based on the specified acting process container name.

actor.process.container.name: ubuntu-container

actor.process.container.uidactor.process.container.uid

Enter the UID of your container.

Example

Show the process events based on the specified acting process containerUid.

actor.process.container.uid: 2971480b85e82b888f3327303e4a7c48ae350e16ed71d3fe728543e6187c69ec

process.container.uidprocess.container.uid

Enter the UID of your container.

Example

Show the process events based on the specified acting process containerUid.

process.container.uid: 2971480b85e82b888f3327303e4a7c48ae350e16ed71d3fe728543e6187c69ec

process.container.nameprocess.container.name

Enter the acting process name.

Example

Show the process events based on the specified acting process container name.

process.container.name: ubuntu-container

process.nameprocess.name

Enter the process name.

Example

Show the process events based on the specified process name.

process.name: /usr/bin/cat

process.xattributes.exec_idprocess.xattributes.exec_id

Enter the execution id of the specified Xattributes of a process.

Example

Show the process events based on the specified process xattributes's execution id.

process.xattributes.exec_id: aXAtMTAtODItMTEtMjIzOjEwNjMxMzU1OTQ4Mjk3OjExNzM5MA==

cloud.providercloud.provider

Enter the cloud provider name (AWS, AZURE, GCP, OCI, SELF_MANAGED_K8S).

Example

Show the process events based on the Cloud provider. - AWS

cloud.provider: AWS

namespaceNamenamespaceName

Enter the name of the namespace.

Example

Show the process events based on the namespace name.

namespaceName: default

nodenamenodename

Enter the name of the node.

Example

Show the process events based on the node name.

nodename: ip-10-**-10-2**

clusterNameclusterName

Enter the cluster name.

Example

Show the process events based on the specified cluster name.

clusterName: ip-10-**-9-**02

© 2024 Qualys, Inc. All rights reserved. Privacy Policy.