Process Tree
A process tree is a hierarchical representation of processes and their relationships within a Windows operating system. It details parent-child process relationships, showing how one process can spawn or create other processes over time. In Logpoint, Process Tree supports Windows Sysmon logs, which assign each process a unique identity, process_guid.
For example:
In a Sysmon indexed log with the event ID 1, a LogonUI.exe process is assigned the GUID {F320C4D1-6051-6589-9A01-00000000A400}. Its parent process winlogon.exe is assigned the GUID {F320C4D1-5A94-6589-5201-00000000A400}.
Process Tree helps you study the relationships between active processes, discover resource utilization and debug process execution issues. Unusual process linkages or unexpected child processes might indicate security concerns. Visualizing the Process Tree can help spot such anomalies or irregularities. To visualize a tree, search for Sysmon logs from Search, then click Visualize Process Tree With {guid} from the parent_process_guid or process_guid value drop-down.
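The same parent-child linking can be reproduced outside the UI. The following is an added example, not Logpoint's own code: it joins Sysmon event ID 1 records on process_guid and parent_process_guid, renders the tree, and flags children that fall outside a baseline. The image and parent_image field names, the baseline, and every value other than the two GUIDs quoted above are assumptions.

```python
from collections import defaultdict

WINLOGON = "{F320C4D1-5A94-6589-5201-00000000A400}"   # GUID quoted on this page
LOGONUI = "{F320C4D1-6051-6589-9A01-00000000A400}"    # GUID quoted on this page
# Constructed event ID 1 records; "image"/"parent_image" field names and all
# other values are assumptions made for this example.
EVENTS = [
    {"process_guid": WINLOGON, "parent_process_guid": "{CONSTRUCTED-PARENT}",
     "image": "winlogon.exe", "parent_image": "smss.exe"},
    {"process_guid": LOGONUI, "parent_process_guid": WINLOGON,
     "image": "LogonUI.exe", "parent_image": "winlogon.exe"},
    {"process_guid": "{CONSTRUCTED-CHILD}", "parent_process_guid": LOGONUI,
     "image": "example.exe", "parent_image": "LogonUI.exe"},
]
# Hypothetical baseline: children each parent image is expected to spawn.
EXPECTED_CHILDREN = {"winlogon.exe": {"logonui.exe"}, "logonui.exe": set()}


def build_tree(events):
    """Index events by process_guid and group child GUIDs under their parent."""
    nodes = {e["process_guid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["parent_process_guid"]].append(e["process_guid"])
    # Roots are processes whose parent has no event in this result set.
    roots = [g for g, e in nodes.items() if e["parent_process_guid"] not in nodes]
    return nodes, children, roots


def render(guid, nodes, children, depth=0):
    """Return the subtree under guid as indented text lines."""
    lines = ["  " * depth + f"{nodes[guid]['image']} {guid}"]
    for child in children.get(guid, []):
        lines += render(child, nodes, children, depth + 1)
    return lines


def unexpected_children(events, baseline):
    """List (parent_image, image, process_guid) for pairs outside the baseline."""
    hits = []
    for e in events:
        allowed = baseline.get(e["parent_image"].lower())
        if allowed is not None and e["image"].lower() not in allowed:
            hits.append((e["parent_image"], e["image"], e["process_guid"]))
    return hits


if __name__ == "__main__":
    nodes, children, roots = build_tree(EVENTS)
    for root in roots:
        print("\n".join(render(root, nodes, children)))
    print("unexpected:", unexpected_children(EVENTS, EXPECTED_CHILDREN))
```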
Package Details
Installation
To install Process Tree:
- Download the .pak file from the Download link above.
- Go to Settings >> System Settings from the navigation bar and click Applications.
- Click Import.
- Browse to the downloaded .pak file.
- Click Upload.
Support
If you have any queries or require assistance, please feel free to contact our support team:
Email: servicedesk@logpoint.com
Phone: +45 7060 6100
Best regards,
The download link points to Jira and is not accessible.