Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
z
zwass
03/30/2018, 3:00 AM@clong I'm not really sure how you would get a python process into that state to test it, but I think it would look something like
SELECT p.* FROM processes p LEFT JOIN process_open_files pof USING (pid) WHERE cmdline LIKE '%python%' AND name = "Python" AND pof.path = '';c
clong
03/30/2018, 8:04 PMThanks! I got it working with the help of this query — really appreciate it!
🍻 1