This 1+ minute video introduces the concept of provenance chains, tracking how one instance of the GoogleUpdater program got started.
Software updates and software builds produce wonderfully long provenance chains, where process A creates process B, process B creates process C, and so on.
I’ve selected an execution of the GoogleUpdater program with its many arguments.
Down below is the provenance chain that eventually created this execution.
It begins at the top with the first process, launchd, forking itself, followed by this new process executing the program xpcproxy.
At the bottom, the 18th event in the provenance chain, is the execution of the GoogleUpdater program, the one selected in the list above.
Whether you are a student learning about computers, a system administrator responsible for keeping a computer running smoothly, a cybersecurity investigator who needs to know what is running on a computer and how any suspicious process got started, or simply someone curious about how computers work, discovering these provenance chains gives you valuable knowledge of what is happening behind the scenes on your computer.
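One way to reconstruct such a chain from a recorded stream of fork and exec events, as an added example rather than code from Ennetix xTend or the Endpoint extension; the record format, the pids and every path other than xpcproxy are constructed assumptions:

```python
# Each record is a tuple, oldest first:
#   ("fork", parent_pid, child_pid)   parent created child
#   ("exec", pid, program_path)       pid replaced its image with program_path
# Constructed sample stream; paths other than xpcproxy are placeholders.
EVENTS = [
    ("fork", 1, 300),                                   # launchd forks itself
    ("exec", 300, "/usr/libexec/xpcproxy"),             # the child becomes xpcproxy
    ("fork", 77, 78),                                   # unrelated activity (noise)
    ("exec", 300, "/constructed/path/UpdaterHelper"),
    ("fork", 300, 301),
    ("exec", 78, "/constructed/path/OtherTool"),        # more noise
    ("exec", 301, "/constructed/path/GoogleUpdater"),   # the selected execution
]

def provenance_chain(events, target_index):
    """Return the events, oldest first, that led to events[target_index].

    Walks the stream backwards: every earlier exec of the current pid is part
    of the chain, and the fork that created the pid hands the walk over to the
    parent. The walk stops at a pid with no recorded fork (launchd here).
    """
    chain = []
    pid = events[target_index][1]
    i = target_index
    while True:
        created_by_fork = False
        while i >= 0:
            kind, a, b = events[i]
            i -= 1
            if kind == "exec" and a == pid:
                chain.append((kind, a, b))
            elif kind == "fork" and b == pid:
                chain.append((kind, a, b))
                pid = a                    # continue with the parent process
                created_by_fork = True
                break
        if not created_by_fork:
            break
    chain.reverse()
    return chain

def describe(chain):
    """One readable line per event, in the order the chain unfolded."""
    return [f"pid {a} forks pid {b}" if kind == "fork" else f"pid {a} execs {b}"
            for kind, a, b in chain]

if __name__ == "__main__":
    for step, line in enumerate(describe(provenance_chain(EVENTS, 6)), 1):
        print(f"{step:2d}. {line}")
```

Events from processes outside the lineage (pids 77 and 78 above) are skipped, so the result is only the path from launchd to the selected execution.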
The Mac app used for this video is Ennetix xTend with the Ennetix Endpoint system extension added. Both Ennetix xTend and Ennetix Endpoint are free.
Download Ennetix xTend from the Apple App Store.
Download Ennetix Endpoint from the Ennetix web site (in Section 2.1).
CHIEF PRODUCT OFFICER (ACTING)
Ashok Madanahalli brings 30+ years of experience in networking and cybersecurity at industry leaders such as Riverbed, Check Point, Extreme Networks, and FORE Systems, where he built and led high-performance teams delivering product and market share leadership. At Riverbed, Ashok served as Vice President of Product Management (WAN Optimization and SD-WAN), leading the business transformation to Cloud and SaaS. He has also led Firewall/VPN/UTM and IDS/IPS solutions. Ashok holds a master’s degree in engineering from the University of Oklahoma and a bachelor’s degree from the National Institute of Technology, Durgapur, India.
FOUNDER AND DIRECTOR OF ENGINEERING
Trevor leads Ennetix’s efforts on full-stack design and development of the company’s analytics pipeline. He manages the operations of Ennetix platforms across its customer base.
VICE PRESIDENT OF ENGINEERING
Todd pioneered the field of network security monitoring in the 1990s with the development of the first widely deployed intrusion detection system, the Network Security Monitor (NSM). In addition to network-based security, he has developed intrusion detection sensors for Windows, Linux, and macOS. Todd is currently focused on bringing innovative network and endpoint security monitoring solutions to Ennetix’s xVisor platform.
FOUNDER AND CTO
Pulak Chowdhury, Founder and CTO, Ph.D., Computer Science, UC Davis
Pulak brings a unique combination of a deep networking technology background and advanced research work in Computer Science. He provides overall architectural direction and drives the development activities on xVisor with a highly talented team.
FOUNDER AND PRESIDENT
Prof. Dr. Bis Mukherjee, Founder and President (also Distinguished Professor, UC Davis), Ph.D., Electrical Engineering, University of Washington, Seattle, B.Tech. (Hons.), Electronics Engineering, Indian Institute of Technology, Kharagpur
An acknowledged authority in pioneering network technologies for 35+ years. His pioneering contributions to networking include: