Process Tracker collects metadata on unique file executions across your Windows, Mac, and Linux operating systems and streams the data to your Endpoint Security console. The Enricher module can use this metadata to detect malicious binaries, and the data is also accessible on the message bus for your SIEM to retrieve. All Process Tracker metadata is displayed in a user interface within your Endpoint Security console, where results can be filtered.
Using the Process Tracker module on Linux systems that have pre-linking enabled can impact system performance and potentially cause the system to become unresponsive. Pre-linking is enabled by default on RHEL and CentOS environments. This will be resolved in a future update.
As this is a tech preview module, the usual support SLAs don’t apply to it. You can provide feedback to the module team through the email listed below.
| Resources: | Module User Guide |
| | FireEye Endpoint Security |
| Last Updated: | February 6, 2020 |
| Requirements: | FireEye Endpoint Security Server 4.9.x and Agent 30/31 |