Process Execution

Description

This preset offers fields related to process execution events.

Preset Fields

The xdr_process_execution preset has the following fields:
Field Name                                 Datatype  Description
-----------------------------------------  --------  --------------------------------------------------------------------------
action_process_image_command_line          string    None Available
action_process_image_md5                   string    None Available
action_process_image_name                  string    File name of 'action_process_image_path'
action_process_image_path                  string    None Available
action_process_image_sha256                string    None Available
action_process_os_pid                      integer   The OS PID of the new process
action_process_signature_status            integer   None Available
action_process_signature_vendor            string    None Available
action_process_username                    string    Name assigned to 'action_process_user_sid'
actor_effective_username                   string    Name assigned to 'actor_effective_user_sid' (Windows: includes the domain)
actor_process_command_line                 string    None Available
actor_process_image_md5                    string    None Available
actor_process_image_name                   string    None Available
actor_process_image_path                   string    None Available
actor_process_image_sha256                 string    None Available
actor_process_os_pid                       integer   None Available
actor_process_signature_status             integer   None Available
actor_process_signature_vendor             string    None Available
agent_hostname                             string    Hostname of the agent
agent_install_type                         integer   None Available
agent_ip_addresses                         string    All IPv4 interface addresses
agent_os_type                              integer   None Available
causality_actor_process_command_line       string    None Available
causality_actor_process_image_md5          string    None Available
causality_actor_process_image_name         string    None Available
causality_actor_process_image_path         string    None Available
causality_actor_process_image_sha256       string    None Available
causality_actor_process_os_pid             integer   None Available
causality_actor_process_signature_status   integer   None Available
causality_actor_process_signature_vendor   string    None Available
causality_actor_type                       integer   None Available
mac                                        string    None Available
os_actor_process_command_line              string    None Available
os_actor_process_image_name                string    None Available
os_actor_process_image_path                string    None Available
os_actor_process_os_pid                    integer   None Available
os_actor_process_signature_status          integer   None Available
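The following XQL query is an added example and is not part of the original preset documentation. It uses the preset above to hunt for scripting and LOLBin child processes spawned by Microsoft Office applications, a common initial-execution pattern. It assumes the Cortex XDR convention that action_* fields describe the newly created process (the page confirms this only for action_process_os_pid) and actor_* fields describe the parent that launched it; the lowercase() function and // comment syntax are assumed XQL features, and the process name lists are illustrative and should be tuned to your environment.

```xql
// Added example, not from the preset reference: Office parent spawning a script host or LOLBin.
// Assumes action_* = new process, actor_* = launching parent, causality_actor_* = root of the chain.
preset = xdr_process_execution
| filter lowercase(actor_process_image_name) in ("winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe")
| filter lowercase(action_process_image_name) in ("powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                                                  "mshta.exe", "rundll32.exe", "regsvr32.exe")
// Keep the fields an analyst needs to triage: who, where, full command line, hash and signer.
| fields _time, agent_hostname, actor_effective_username,
         causality_actor_process_image_name, actor_process_image_path,
         action_process_image_path, action_process_image_command_line,
         action_process_image_sha256, action_process_signature_status, action_process_signature_vendor
| sort desc _time
| limit 200
```

Image names are compared in lowercase because the same binary can be recorded as PowerShell.exe or powershell.exe depending on how it was invoked. action_process_signature_status is an integer enumeration in this preset; once you have confirmed the enumeration values in your tenant's reference, adding a filter on it (for example, excluding properly signed children) cuts the result set further, and pivoting on action_process_image_sha256 across the whole preset shows every host on which the same binary executed.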
