AnsweredAssumed Answered

Processes probe alerts then clears on next poll on PID restart

Question asked by Daniel Blanco Champion on Jan 16, 2018
Latest reply on Jan 17, 2018 by Daniel Blanco

Hello, so was asked to setup a processes profile in which client wants to be alerted if the PID is changed on a process. I got this setup and it works BUT I noticed that the alert for which the PID changed auto-clears on the next polling cycle which is useless. The alert will stay on the console for 60s then clear itself on the next poll b/c the probe detects the new PID, alerts, then on next poll its the same new PID and clears.  

Is there a way to not have the probe clear the process restart alert?

 

TLDR:

So I get the processes probe PID for profile XXXX changed alert:

IGNORE - DBLANCO - Calculator.exe [1]: Process Calculator.exe [1] has restarted with new pid = 2052. Old pid was = 17416.

but then clears on next poll. Need it to not auto clear so that someone see's this alerts and tickets it.

Outcomes