syscall-execute
October 15, 2025
Description
Syscall commands were executed on the system.
Parameters
| Parameter | Value |
|---|---|
| Subject | syscall |
| Activity | execute |
| Activity Type | syscall-execute |
| Pretty Name | Syscall Execute |
Fields
The possible fields for this activity type will vary depending on whether the activity was a success or a fail.
syscall-execute:success
| Field | Core | Detection | Informational |
|---|---|---|---|
| system_architecture | ✓ | | |
| syscall_number | ✓ | | |
| syscall_name | ✓ |
syscall-execute:fail
| Field | Core | Detection | Informational |
|---|---|---|---|
| system_architecture | ✓ | | |
| syscall_number | ✓ | | |
| syscall_name | ✓ |