The Endpoint processes tab displays a list of processes of devices with UserGate Client software installed. Use it to trace the chain of process calls, understand startup parameters and view useful information about the file. The tab has two panels: Process Log and Process.
The Process Log panel displays the list of endpoint processes (running application processes, background processes, Windows processes) that pass information to SIEM. The following information can be viewed:
-
Run date and time.
-
The name of the endpoint device.
-
Application
-
Process ID.
Records can be conveniently filtered by various criteria, such as date range, app name, process ID, etc. You can also use advanced search to set up complex filters; the advanced search mode uses a special query language the syntax of which is covered later in the Data Search and Filtering section.
Administrators can select to display only the columns they need. To do that, point the mouse cursor at the name of any column, click the arrow that will appear to the right of the column name, choose Columns, and select the desired parameters in the context menu.
Select a process to view the process tree and the process details. The process tree and details will be displayed in the Process panel.