A process was executed

| Parameter | Value |
| --- | --- |
| Subject | process |
| Activity | create |
| Activity Type | process-create |
| Pretty Name | Process Create |

| Success | Fail |
| --- | --- |
| process-created | process-created-failed |

The possible fields for this activity type will vary depending on whether the activity was a success or a fail.

| Field | Core | Detection | Informational |
| --- | --- | --- | --- |
| parent_process_id | | ✓ | |
| parent_process_command_line | | ✓ | |
| command_module | | ✓ | |
| parent_process_name | | ✓ | |
| domain_user_name | | | |
| parent_process_dir | | ✓ | |
| dest_zone | | | |
| hash_sha256 | | ✓ | |
| dest_user_entity_id | | | |
| process_guid | | ✓ | |
| src_zone | | | |
| domain | | ✓ | |
| process_integrity | | ✓ | |
| dest_host | | ✓ | |
| parent_process_guid | | ✓ | |
| control_panel_item | | ✓ | |
| parent_process_path | | ✓ | |
| user | | ✓ | |
| dest_device_entity_id | | | |
| cid | | | ✓ |

| Field | Core | Detection | Informational |
| --- | --- | --- | --- |
| parent_process_id | | ✓ | |
| failure_code | | ✓ | |
| parent_process_command_line | | ✓ | |
| parent_process_name | | ✓ | |
| domain_user_name | | | |
| failure_reason | | ✓ | |
| parent_process_dir | | ✓ | |
| dest_zone | | | |
| hash_sha256 | | ✓ | |
| process_guid | | ✓ | |
| src_zone | | | |
| domain | | ✓ | |
| process_integrity | | ✓ | |
| dest_host | | ✓ | |
| parent_process_guid | | ✓ | |
| control_panel_item | | ✓ | |
| parent_process_path | | ✓ | |
| user | | ✓ | |
| cid | | | ✓ |