There is not one process name that is started.
When we connect for a compliance scan, we establish an SSH session using the credentials specified in the Auth record and confirm we have acheived a root shell (UID=0).
From that point forward, we run many different commands and scripts to gather configuration data. So, there is not one process name to list but possibly hundreds of different activities.
For example, on RedHat, PC scans run commands like:
awk cat cut echo egrep find grep id ls sed tr last sort uniq sysctl ps
Note that this is not a comprehensive list as we are continually adding new control coverage and will run additional command often several times with different parameter settings.
During a scan we will also create temporary files in /tmp with random names to seperate stout/sterr channels and serve as a holding area.
Let me know if this helps,
Thank you Mr. Creech, your answer was most helpful!