Had a question about the rule "Unusual Child Process from a System Virtual Process", sorry if this is not the correct forum for it. I'm using the most recent rule query and when these alerts do spawn, we are unable to tell what exactly the spawned process is. I've checked the Discover logs, and found nothing related.
Is there a way I can change this rule to allow me to see the spawned process?