Process Fields

  • The process_* fields describe the execution of a binary, i.e. a running process.
  • The process_* field names can also be prefixed with target_ and parent_ to describe the target or parent of the actor process, e.g. parent_process_id, target_process_name.
Process Fields

Field Name               Example Values                 Field Type  Notes
process_command_line     c:\tmp\runme.exe, /tmp/runme   keyword
process_id               2045                           integer
process_integrity_level                                 keyword
process_name                                            keyword
process_path                                            keyword
process_uid                                             keyword
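As an added example (not part of this field reference or its project), the following Python shows how a collector might normalize a raw endpoint event into the process_* fields above, derive the parent_ variants with the same base names, and validate field names and types against the table. The raw event and its key names (Image, CommandLine, ProcessId, ParentImage, etc.) are constructed here and are an assumption about the upstream log format; the schema itself is taken from the table.

```python
import re
from typing import Any, Dict, List

# Schema from the field table: base name -> declared field type.
PROCESS_FIELDS = {
    "process_command_line": "keyword",
    "process_id": "integer",
    "process_integrity_level": "keyword",
    "process_name": "keyword",
    "process_path": "keyword",
    "process_uid": "keyword",
}

# Role prefixes allowed in front of a base name ("" is the acting process itself).
ROLE_PREFIXES = ("", "target_", "parent_")

# Hypothetical mapping from raw event keys to schema base names (assumption, not from the page).
RAW_TO_SCHEMA = {
    "Image": "process_path",
    "CommandLine": "process_command_line",
    "ProcessId": "process_id",
    "IntegrityLevel": "process_integrity_level",
    "User": "process_uid",
}
PARENT_RAW_TO_SCHEMA = {
    "ParentImage": "process_path",
    "ParentCommandLine": "process_command_line",
    "ParentProcessId": "process_id",
}

# Constructed sample event for the demonstration; not real telemetry.
SAMPLE_RAW = {
    "Image": r"c:\tmp\runme.exe",
    "CommandLine": r"c:\tmp\runme.exe --quiet",
    "ProcessId": "2045",          # arrives as a string, must become an integer
    "IntegrityLevel": "Medium",
    "User": "S-1-5-21-1111-2222-3333-1001",
    "ParentImage": r"c:\windows\system32\cmd.exe",
    "ParentProcessId": "1200",
}


def field_name(base: str, role: str = "") -> str:
    """Compose a schema field name such as parent_process_id from a base name and a role prefix."""
    if role not in ROLE_PREFIXES:
        raise ValueError(f"unknown role prefix: {role!r}")
    if base not in PROCESS_FIELDS:
        raise ValueError(f"unknown process field: {base!r}")
    return role + base


def basename(path: str) -> str:
    """Last path component, accepting both Windows and POSIX separators."""
    return re.split(r"[\\/]", path)[-1]


def coerce(base: str, value: Any) -> Any:
    """Convert a raw value to the declared type of the schema field."""
    return int(value) if PROCESS_FIELDS[base] == "integer" else str(value)


def normalize(raw: Dict[str, Any]) -> Dict[str, Any]:
    """Map a raw event onto process_* and parent_process_* fields, deriving process_name from the path."""
    out: Dict[str, Any] = {}
    for raw_key, base in RAW_TO_SCHEMA.items():
        if raw_key in raw:
            out[field_name(base)] = coerce(base, raw[raw_key])
    for raw_key, base in PARENT_RAW_TO_SCHEMA.items():
        if raw_key in raw:
            out[field_name(base, "parent_")] = coerce(base, raw[raw_key])
    # process_name is the file name component of process_path when the source gives no name.
    for role in ("", "parent_"):
        path_key, name_key = field_name("process_path", role), field_name("process_name", role)
        if path_key in out and name_key not in out:
            out[name_key] = basename(out[path_key])
    return out


def validate(event: Dict[str, Any]) -> List[str]:
    """Return a list of schema violations (unknown field names or wrong types); empty means valid."""
    errors: List[str] = []
    for name, value in event.items():
        base = name
        for prefix in ("target_", "parent_"):
            if name.startswith(prefix):
                base = name[len(prefix):]
                break
        if base not in PROCESS_FIELDS:
            errors.append(f"{name}: not a schema field")
            continue
        expected = PROCESS_FIELDS[base]
        if expected == "integer" and (isinstance(value, bool) or not isinstance(value, int)):
            errors.append(f"{name}: expected integer, got {type(value).__name__}")
        elif expected == "keyword" and not isinstance(value, str):
            errors.append(f"{name}: expected keyword, got {type(value).__name__}")
    return errors


if __name__ == "__main__":
    event = normalize(SAMPLE_RAW)
    for k in sorted(event):
        print(f"{k:28} {event[k]!r}")
    print("violations:", validate(event))
```

Running the script prints the normalized event and an empty violation list; feeding validate a record whose process_id is still the string "2045" reports a type violation, which is the kind of check worth running before events reach a detection rule that compares process_id numerically.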