Xanadu Security Management

Get running processes via WMI activity

Save as PDF

Share this page

Table of Contents

Get running processes via WMI activity

Save as PDF

Share this page

Release version:
UpdatedAug 1, 2024
1 minute read

Xanadu
Security Operations Integration Reference

TheGet Running Processes workflow activity retrieves the running processes of a configuration item on a Windows-based system. This activity can accelerate the investigation and remediation process.

The Get Running Processes via WMI activity can be used with any workflow to retrieve running processes on a Windows-based system.

Input variables

Input variables determine the initial behavior of the activity.

Table 1. Input variables
Variable	Description
target [string]	The fully qualified domain name (FQDN) or IP address of the target system.

Output variables

The output variables contain data that can be used in subsequent activities.

Table 2. Output variables
Variable	Description
response [string]	A JSON string representing the current running processes on the target system. JSON data includes: pid The process identifier name The name of the process Also, if available: Owner The name of the process owner owner_sid The system identifier of the process owner owner_domain The domain of the process owner path The file path of the process executable hash The hash value of the process executable. The hash is in SHA-256 for PowerShell V4 or higher. Otherwise, the hash is in MD5.

Restrictions

The MID Server must support PowerShell.

SHA-256 hash requires PowerShell V4.

Xanadu Security Management