Hi,
It's not that easy to understand what's happening in your system while a process is running.
This may help you a little.
It extracts some system parameters using osquery:
- install osquery on your system (https://osquery.io/downloads/official/5.0.1)
- open the EM project attached
- select the tables you want to extract: select them in the filter transformation of the main module
- run the project
It will extract some system parameters into JSON and DSET files.
As we can't assign a specific codepage to a command line transformation in EM, there's a little workaround to convert the query results from codepage 850 to 65001 before saving the JSON file.

osquery.zip (29.1 KB)

Hope it will be useful.
Regards
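
The codepage workaround described in the post, sketched in Python as an added example; it is not taken from the attached EM project. It assumes `osqueryi` is on the PATH and writes its `--json` output in the console codepage 850; the function names, the sample row and the output file name are constructed for illustration.

```python
import json
import subprocess

OEM_CODEPAGE = "cp850"  # console codepage named in the post
UTF8 = "utf-8"          # Windows codepage 65001

# Constructed sample: `osqueryi --json` output bytes as emitted in cp850.
SAMPLE_CP850 = '[{"name":"Planificateur de tâches","pid":"1234"}]'.encode(OEM_CODEPAGE)


def decode_osquery_output(raw: bytes, oem: str = OEM_CODEPAGE) -> list:
    """Turn raw osqueryi JSON bytes into rows without producing mojibake."""
    try:
        text = raw.decode(UTF8)   # already UTF-8: do not convert twice
    except UnicodeDecodeError:
        text = raw.decode(oem)    # OEM bytes such as 0x83 ("â") are invalid UTF-8
    return json.loads(text)


def save_utf8_json(rows: list, path: str) -> None:
    """Write rows as UTF-8 JSON, keeping non-ASCII characters readable."""
    with open(path, "w", encoding=UTF8, newline="\n") as fh:
        json.dump(rows, fh, ensure_ascii=False, indent=2)


def query_table(table: str, osqueryi: str = "osqueryi") -> list:
    """Run SELECT * on one table; the name is checked because it is spliced into SQL."""
    if not table.isidentifier():
        raise ValueError(f"refusing suspicious table name: {table!r}")
    proc = subprocess.run([osqueryi, "--json", f"SELECT * FROM {table};"],
                          capture_output=True, check=True)
    return decode_osquery_output(proc.stdout)


if __name__ == "__main__":
    rows = decode_osquery_output(SAMPLE_CP850)
    save_utf8_json(rows, "processes.json")
    print(rows[0]["name"])
```

On a live system, `query_table("processes")` followed by `save_utf8_json(...)` replaces the constructed sample.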