{
  "data": {
    "ancestors": "/usr/lib/systemd/systemd|/usr/sbin/sshd|/usr/sbin/sshd|/usr/sbin/sshd|/usr/bin/sudo",
    "command_line": "/tmp/sample.bin",
    "exe": {
      "path": "/tmp/sample.bin"
    },
    "path": "/tmp/.xdiag/elog"
  },
  "info": {
    "host": {
      "uuid": "3eff9364-90b8-5293-9f42-0ea09fbefe18",
      "name": "kunai-sandbox",
      "container": null
    },
    "event": {
      "source": "kunai",
      "id": 87,
      "name": "write_close",
      "uuid": "7907f0c8-12f1-6ee0-a51f-b896e0a85dfe",
      "batch": 354
    },
    "task": {
      "name": "sample.bin",
      "pid": 2870,
      "tgid": 2870,
      "guuid": "fe8126fb-1200-0000-4c09-d804360b0000",
      "uid": 0,
      "gid": 0,
      "namespaces": {
        "mnt": 4026531841
      },
      "flags": "0x400100"
    },
    "parent_task": {
      "name": "sudo",
      "pid": 2869,
      "tgid": 2869,
      "guuid": "7a5427f8-1200-0000-4c09-d804350b0000",
      "uid": 1000,
      "gid": 0,
      "namespaces": {
        "mnt": 4026531841
      },
      "flags": "0x400100"
    },
    "utc_time": "2024-11-06T21:19:26.872503898Z"
  }
}