SystemProcess event on macOS extracts only executable path due to lack of documented API for command-line arguments

[harship04]

The goal of the system process event is to capture the process ID (pid) and corresponding command-line arguments for each process running on the system.

On macOS, the current implementation (Extend SystemProcesses API implementation to macOS #7808) uses proc_listpids to enumerate process IDs and proc_pidpath to retrieve the executable path. However, this approach does not provide access to full command-line arguments.

While the sysctl function with the KERN_PROCARGS2 option can extract argument data, it is undocumented and lacks official support from Apple, making it unsuitable for reliable use. As a result, the current implementation does not fetch command-line arguments on macOS.

Currently, there is no known, officially supported API on macOS that exposes full command-line arguments for arbitrary processes. Until such an interface becomes available, the macOS implementation will remain limited to collecting only the executable path