Process Fields

  • Process is related to the execution of binaries
  • The process_ names can also be prefixed with target_… and parent_… e.g, parent_process_id, target_process_name, etc.
Process Fields
Field Name Example Values Field Type Notes
process_command_line c:tmprunme.exe, /tmp/runme keyword Full command line of process
process_id 2045,0x3e7 keyword Process identifier number associated with process
process_integrity_level medium, high keyword Integrity level of process
process_name whoami, whoami.exe keyword File name of executed process
process_path C:Windowssystem32, /usr/local/bin keyword File path of executed process
process_uid 73123815-5caa-4e39-90dc-d25d4013bf15 keyword GUID or unique identifier for process that is not the process_id