A process was executed
| Parameter | Value |
|---|---|
| Subject | process |
| Activity | create |
| Activity Type | process-create |
| Pretty Name | Process Create |

| Success | Fail |
|---|---|
| process-created | process-created-failed |

The possible fields for this activity type will vary depending on whether the activity was a success or a fail.

Fields when the activity is a success (process-created):

| Field | Core | Detection | Informational |
|---|---|---|---|
| parent_process_id | | ✓ | |
| parent_process_command_line | | ✓ | |
| command_module | | ✓ | |
| parent_process_name | | ✓ | |
| domain_user_name | | | |
| parent_process_dir | | ✓ | |
| dest_zone | | | |
| hash_sha256 | | ✓ | |
| dest_user_entity_id | | | |
| process_guid | | ✓ | |
| src_zone | | | |
| domain | | ✓ | |
| process_integrity | | ✓ | |
| dest_host | | ✓ | |
| parent_process_guid | | ✓ | |
| control_panel_item | | ✓ | |
| parent_process_path | | ✓ | |
| user | | ✓ | |
| dest_device_entity_id | | | |
| cid | | | ✓ |

Fields when the activity is a fail (process-created-failed):

| Field | Core | Detection | Informational |
|---|---|---|---|
| parent_process_id | | ✓ | |
| failure_code | | ✓ | |
| parent_process_command_line | | ✓ | |
| parent_process_name | | ✓ | |
| domain_user_name | | | |
| failure_reason | | ✓ | |
| parent_process_dir | | ✓ | |
| dest_zone | | | |
| hash_sha256 | | ✓ | |
| process_guid | | ✓ | |
| src_zone | | | |
| domain | | ✓ | |
| process_integrity | | ✓ | |
| dest_host | | ✓ | |
| parent_process_guid | | ✓ | |
| control_panel_item | | ✓ | |
| parent_process_path | | ✓ | |
| user | | ✓ | |
| cid | | | ✓ |