Contents Security Operations Previous Topic Next Topic Get running processes via WMI activity Subscribe Log in to subscribe to topics and get notified when content changes. ... SAVE AS PDF Selected Topic Topic & Subtopics Share Get running processes via WMI activity The Get Running Processes workflow activity retrieves the running processes of a configuration item on a Windows-based system. This activity can accelerate the investigation and remediation process. The Get Running Processes via WMI activity can be used with any workflow to retrieve running processes on a Windows-based system. Input variables Input variables determine the initial behavior of the activity. Table 1. Input variables Variable Description target [string] The fully qualified domain name (FQDN) or IP address of the target system. Output variables The output variables contain data that can be used in subsequent activities. Table 2. Output variables Variable Description response [string] A JSON string representing the current running processes on the target system. JSON data includes: pid The process identifier name The name of the process Also, if available: Owner The name of the process owner owner_sid The system identifier of the process owner owner_domain The domain of the process owner path The file path of the process executable hash The hash value of the process executable. The hash is in SHA-256 for PowerShell V4 or higher. Otherwise, the hash is in MD5. Restrictions The MID Server must support PowerShell. SHA-256 hash requires PowerShell V4. On this page Send Feedback Previous Topic Next Topic
Get running processes via WMI activity The Get Running Processes workflow activity retrieves the running processes of a configuration item on a Windows-based system. This activity can accelerate the investigation and remediation process. The Get Running Processes via WMI activity can be used with any workflow to retrieve running processes on a Windows-based system. Input variables Input variables determine the initial behavior of the activity. Table 1. Input variables Variable Description target [string] The fully qualified domain name (FQDN) or IP address of the target system. Output variables The output variables contain data that can be used in subsequent activities. Table 2. Output variables Variable Description response [string] A JSON string representing the current running processes on the target system. JSON data includes: pid The process identifier name The name of the process Also, if available: Owner The name of the process owner owner_sid The system identifier of the process owner owner_domain The domain of the process owner path The file path of the process executable hash The hash value of the process executable. The hash is in SHA-256 for PowerShell V4 or higher. Otherwise, the hash is in MD5. Restrictions The MID Server must support PowerShell. SHA-256 hash requires PowerShell V4.
Get running processes via WMI activity The Get Running Processes workflow activity retrieves the running processes of a configuration item on a Windows-based system. This activity can accelerate the investigation and remediation process. The Get Running Processes via WMI activity can be used with any workflow to retrieve running processes on a Windows-based system. Input variables Input variables determine the initial behavior of the activity. Table 1. Input variables Variable Description target [string] The fully qualified domain name (FQDN) or IP address of the target system. Output variables The output variables contain data that can be used in subsequent activities. Table 2. Output variables Variable Description response [string] A JSON string representing the current running processes on the target system. JSON data includes: pid The process identifier name The name of the process Also, if available: Owner The name of the process owner owner_sid The system identifier of the process owner owner_domain The domain of the process owner path The file path of the process executable hash The hash value of the process executable. The hash is in SHA-256 for PowerShell V4 or higher. Otherwise, the hash is in MD5. Restrictions The MID Server must support PowerShell. SHA-256 hash requires PowerShell V4.
