Customer wanted a high level explanation of how a PIM agent works.
Release : 12.8
Component : CA ControlMinder
1) Rules and policies are stored in "/installpath/seosdb". This is encrypted.
2) When PIM is started, the rules are essentially compiled by seosd, and a lot of the compiled data is passed to the kernel module for the sake of processing speed.
3) At runtime, system calls are intercepted by PIM's kernel module. These will be evaluated against the compiled rules in the kernel module, and passed to seosd if needed, and acted upon.