Create a usn tracker #2121

Open
scudette opened this issue Sep 29, 2022 · 1 comment

Comments

@scudette
Contributor

Similar to the process tracker, we should add a USN tracker.

The trouble with the USN journal is that it is very verbose, so it's hard to interpret. Ideally we want to summarize the log to just the relevant info, ideally only creation and deletion events. We need to be able to target by paths as well.

We need to also estimate the load on the system due to this. Ideally it is cheap enough to run always on all systems.
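
The summarization asked for above, as an added example that is not part of the original issue and not the project's code: it reduces raw USN records to creation and deletion events under targeted paths. The record layout (dicts with `usn`, `path`, `reason`), the function name and the sample records are assumptions made for illustration; the reason flag values are the ones defined in the Windows SDK.

```python
from fnmatch import fnmatchcase

# Reason bit flags of a USN record, as defined in the Windows SDK (winioctl.h).
USN_REASON_FILE_CREATE = 0x00000100
USN_REASON_FILE_DELETE = 0x00000200
USN_REASON_CLOSE = 0x80000000

ACTIONS = ((USN_REASON_FILE_CREATE, "create"), (USN_REASON_FILE_DELETE, "delete"))


def summarize_usn(records, path_globs):
    """Reduce raw USN records to create/delete events under the target paths.

    `records` is an iterable of dicts with `usn`, `path` and `reason` keys
    (a hypothetical, already-parsed layout with full paths resolved).
    """
    globs = [g.lower() for g in path_globs]
    events = []
    for rec in sorted(records, key=lambda r: r["usn"]):
        reason = rec["reason"]
        # Reason bits accumulate while a file is open; the record carrying
        # CLOSE holds the full set, so intermediate records can be dropped.
        if not reason & USN_REASON_CLOSE:
            continue
        actions = [name for bit, name in ACTIONS if reason & bit]
        if not actions:
            continue  # data writes, renames, attribute changes, ...
        path = rec["path"].lower()  # NTFS names are case-insensitive by default
        if not any(fnmatchcase(path, g) for g in globs):
            continue
        events.append({"usn": rec["usn"], "path": rec["path"],
                       "action": "+".join(actions)})
    return events


# Constructed sample records (not taken from a real journal).
TMP = r"C:\Users\bob\AppData\Local\Temp\a.exe"
SAMPLE = [
    {"usn": 100, "path": TMP, "reason": 0x00000100},  # create
    {"usn": 180, "path": TMP, "reason": 0x00000102},  # create + data extend
    {"usn": 260, "path": TMP, "reason": 0x80000102},  # ... + close
    {"usn": 340, "path": r"C:\Windows\Temp\log.txt", "reason": 0x80000002},
    {"usn": 420, "path": TMP, "reason": 0x80000200},  # delete + close
    {"usn": 500, "path": r"C:\Program Files\App\x.dll", "reason": 0x80000100},
]

if __name__ == "__main__":
    for event in summarize_usn(SAMPLE, [r"C:\Users\*\AppData\Local\Temp\*"]):
        print(event)
```
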

@mgreen27
Collaborator

Just to add to the conversation, imho we want file telemetry to include process context.
USN is great for forensics but is not of as high security value as other techniques.
