Sometimes it is necessary to track the malicious process and network connection for a long time. For example, when a local machine is detected to launch a malicious attack on the network, it must track the specific connection behavior initiated to remote ports. Sometimes, malicious programs have a dormant process and will only connect to the remote host at specific times or under certain conditions. If logs can be recorded and the tracking period continued, it can be very helpful for troubleshooting
Sometimes it is necessary to track the malicious process and network connection for a long time. For example, when a local machine is detected to launch a malicious attack on the network, it must track the specific connection behavior initiated to remote ports. Sometimes, malicious programs have a dormant process and will only connect to the remote host at specific times or under certain conditions. If logs can be recorded and the tracking period continued, it can be very helpful for troubleshooting