ContextQMD
Back to Falco

Spawned Process

content/en/docs/reference/rules/default-macros/spawned_process.md

latest82 B
Original Source
yaml
- macro: spawned_process
  condition: (evt.type in (execve, execveat))