diff --git a/pkg/bpf/bytecode/restricted-network.bpf.o b/pkg/bpf/bytecode/restricted-network.bpf.o
index 68b8ef1..32d4bd3 100644
Binary files a/pkg/bpf/bytecode/restricted-network.bpf.o and b/pkg/bpf/bytecode/restricted-network.bpf.o differ
diff --git a/pkg/bpf/c/common.h b/pkg/bpf/c/common.h
index dcb8e91..4ef421f 100644
--- a/pkg/bpf/c/common.h
+++ b/pkg/bpf/c/common.h
@@ -55,6 +55,7 @@ struct audit_event_header {
 enum audit_event_type type;
 char nodename[NEW_UTS_LEN + 1];
 char task[TASK_COMM_LEN];
+ char parent_task[TASK_COMM_LEN];
 };
 
 struct audit_event_blocked_ipv4 {
diff --git a/pkg/bpf/c/restricted-network.bpf.c b/pkg/bpf/c/restricted-network.bpf.c
index 5272a08..8e0b3af 100644
--- a/pkg/bpf/c/restricted-network.bpf.c
+++ b/pkg/bpf/c/restricted-network.bpf.c
@@ -57,6 +57,9 @@ static inline void report_ip4_block(void *ctx, u64 cg, enum action action, enum
 ev.hdr.type = BLOCKED_IPV4;
 bpf_get_current_comm(&ev.hdr.task, sizeof(ev.hdr.task));
 
+ struct task_struct *parent_task = BPF_CORE_READ(current_task, real_parent);
+ bpf_probe_read_kernel_str(&ev.hdr.parent_task, sizeof(ev.hdr.parent_task), &parent_task->comm);
+
 ev.dport = __builtin_bswap16(daddr->sin_port);
 ev.src = src_addr4(sock);
 ev.dst = BPF_CORE_READ(daddr, sin_addr);
diff --git a/pkg/commands/network/audit.go b/pkg/commands/network/audit.go
index 606b6d6..3f13345 100644
--- a/pkg/commands/network/audit.go
+++ b/pkg/commands/network/audit.go
@@ -19,12 +19,13 @@ const SRCIP_LEN = 4
 const DSTIP_LEN = 4
 
 type eventHeader struct {
- CGroupID uint64
- PID uint32
- EventType int32
- Nodename [NEW_UTS_LEN + 1]byte
- Command [TASK_COMM_LEN]byte
- _ [PADDING_LEN]byte
+ CGroupID uint64
+ PID uint32
+ EventType int32
+ Nodename [NEW_UTS_LEN + 1]byte
+ Command [TASK_COMM_LEN]byte
+ ParentCommand [TASK_COMM_LEN]byte
+ _ [PADDING_LEN]byte
 }
 
 type eventBlockedIPv4 struct {
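Review bot: The new `parent_task` member changes the wire layout of `audit_event_header`, which userspace decodes positionally (`eventHeader` in pkg/commands/network/audit.go is changed in lockstep in this same commit), yet nothing in the header says the two must stay in sync; the next reorder or resize on either side will silently shift every field after it into the wrong log column. A comment on the struct would pin that contract, e.g. `/* Copied verbatim to userspace: member order, sizes and the 8-byte tail padding must match eventHeader in pkg/commands/network/audit.go; rebuild bytecode/*.bpf.o after any change. */`. It is also worth saying where `parent_task` comes from and how it is terminated, since a reader of the header alone cannot tell that it is filled by `bpf_probe_read_kernel_str` from `real_parent->comm` and is therefore always NUL-terminated. The struct's first members are outside the hunk.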
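Review bot: The return value of `bpf_probe_read_kernel_str` on the second added line is discarded, so a failed read of `real_parent->comm` is indistinguishable from a parent with an empty name; recent kernels zero-fill the destination on failure, but that is a helper detail the code does not make explicit. The two added statements collapse into one CO-RE helper that also returns the status: `if (BPF_CORE_READ_STR_INTO(&ev.hdr.parent_task, current_task, real_parent, comm) < 0) ev.hdr.parent_task[0] = '\0';`. Note too that `comm` is freely settable by the process itself (prctl PR_SET_NAME, or just the binary's name) and `real_parent` is re-pointed at the subreaper or init once the original parent exits, so the logged parent name is context rather than an authoritative identity; a comment to that effect, and recording the parent's `tgid` next to it (`BPF_CORE_READ(parent_task, tgid)`), would make the audit record much harder to spoof. `report_ip4_block` starts and ends outside the hunk, and where `current_task` is obtained is not visible here.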
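Review bot: `ParentCommand` is inserted between `Command` and the trailing `_ [PADDING_LEN]byte`, but `PADDING_LEN` was sized for the previous layout and is not touched here; that stays correct only because `TASK_COMM_LEN` (16 in the kernel) is a multiple of the C struct's 8-byte alignment, which nothing in the hunk asserts. A comment on the struct would pin the assumption, e.g. `// Mirrors struct audit_event_header in pkg/bpf/c/common.h; PADDING_LEN is the C struct's tail padding and must be recomputed if a member whose size is not a multiple of 8 is added.`. If events are decoded with encoding/binary, a one-line test asserting `binary.Size(eventHeader{})` against the expected C size would catch the next drift, since a mismatch otherwise surfaces only as garbled log fields.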
@@ -103,13 +104,14 @@ func RunAudit(conf *config.Config) {
 }
 
 log.WithFields(logrus.Fields{
- "Action": body.ActionResult(),
- "Hostname": nodename2string(header.Nodename),
- "PID": header.PID,
- "Comm": comm2string(header.Command),
- "Addr": byte2IPv4(body.DstIP),
- "Port": body.DstPort,
- "Protocol": sockTypeToProtocolName(body.SockType),
+ "Action": body.ActionResult(),
+ "Hostname": nodename2string(header.Nodename),
+ "PID": header.PID,
+ "Comm": comm2string(header.Command),
+ "ParentComm": comm2string(header.ParentCommand),
+ "Addr": byte2IPv4(body.DstIP),
+ "Port": body.DstPort,
+ "Protocol": sockTypeToProtocolName(body.SockType),
 }).Info("Traffic is trapped in the filter.")
 }
 }
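Review bot: The new `ParentComm` field is logged with no indication that it is process-controlled: `comm` can be set at will by the process (prctl PR_SET_NAME, or naming the binary), and as filled on the BPF side it is the `comm` of `real_parent` at block time, i.e. the subreaper or init if the spawning parent has already exited. Anyone writing detections on this output should know that, so a comment above the `log.WithFields` call would help, e.g. `// Comm and ParentComm come from task->comm and are attacker-settable; ParentComm is real_parent at block time (the reaper if the original parent already exited).` Emitting the parent PID alongside it, once the event carries one, would give responders a stable handle. `RunAudit` begins outside the hunk.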