Get running processes via WMI activity

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 2 minutes
  • The Get Running Processes workflow activity retrieves the running processes of a configuration item on a Windows-based system. This activity can accelerate the investigation and remediation process.

    The Get Running Processes via WMI activity can be used with any workflow to retrieve running processes on a Windows-based system.

    Input variables

    Input variables determine the initial behavior of the activity.

    Table 1. Input variables
    Variable            Description
    target [string]     The fully qualified domain name (FQDN) or IP address of the target system.

    Output variables

    The output variables contain data that can be used in subsequent activities.

    Table 2. Output variables
    Variable            Description
    response [string]   A JSON string representing the current running processes on the target system.

    JSON data includes:

    pid: The process identifier
    name: The name of the process

    Also, if available:

    Owner: The name of the process owner
    owner_sid: The system identifier of the process owner
    owner_domain: The domain of the process owner
    path: The file path of the process executable
    hash: The hash value of the process executable. The hash is SHA-256 with PowerShell V4 or higher; otherwise, the hash is MD5.

    Restrictions

    The MID Server must support PowerShell.

    SHA-256 hash requires PowerShell V4.
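
The following is an added example, not ServiceNow code: one way a later activity could triage the `response` string, handling the optional fields and the fact that `hash` may be SHA-256 or MD5. It assumes `response` parses to a JSON array of objects with the keys listed above; `hashAlgorithm`, `triageProcesses`, the sample data and the blocklist are hypothetical and constructed.

```javascript
// Added example: triage the `response` output of Get Running Processes via WMI.
// Assumption: `response` parses to an array of objects with the documented keys.

// Identify the digest type from its length, because the hash is SHA-256 with
// PowerShell V4 or higher and MD5 otherwise. Returns null when no hash exists.
function hashAlgorithm(hash) {
  if (typeof hash !== 'string') return null;
  if (/^[0-9a-f]{64}$/i.test(hash)) return 'SHA-256';
  if (/^[0-9a-f]{32}$/i.test(hash)) return 'MD5';
  return 'unknown';
}

// knownBad: { 'SHA-256': Set, 'MD5': Set } of lowercase hex digests (caller-supplied).
function triageProcesses(response, knownBad = {}) {
  let list;
  try { list = JSON.parse(response); } catch (e) { return { error: 'invalid JSON', findings: [] }; }
  if (!Array.isArray(list)) return { error: 'expected a JSON array', findings: [] };
  const findings = [];
  for (const p of list) {
    if (!p || typeof p !== 'object') continue;
    const notes = [];
    const algo = hashAlgorithm(p.hash);
    if (!p.path) notes.push('no executable path returned');
    if (algo === null) notes.push('no hash returned');
    else if (algo === 'unknown') notes.push('unrecognized hash format');
    else {
      // An MD5 value can never match a SHA-256 list, so compare per algorithm.
      if (algo === 'MD5') notes.push('MD5 hash: PowerShell below V4 was used');
      const bad = knownBad[algo];
      if (bad && bad.has(p.hash.toLowerCase())) notes.push('hash is on the ' + algo + ' blocklist');
    }
    if (notes.length) findings.push({ pid: p.pid, name: p.name, algo: algo, notes: notes });
  }
  return { error: null, findings: findings };
}

// Constructed sample response and blocklist (not real output or real indicators).
const SAMPLE_RESPONSE = JSON.stringify([
  { pid: 4, name: 'System' },
  { pid: 812, name: 'svchost.exe', Owner: 'SYSTEM',
    path: 'C:\\Windows\\System32\\svchost.exe', hash: 'a'.repeat(64) },
  { pid: 3120, name: 'updater.exe', Owner: 'jdoe', owner_domain: 'CORP',
    path: 'C:\\Users\\jdoe\\updater.exe', hash: 'B'.repeat(32) }
]);
const SAMPLE_BLOCKLIST = { 'SHA-256': new Set(), 'MD5': new Set(['b'.repeat(32)]) };

function runSample() { return triageProcesses(SAMPLE_RESPONSE, SAMPLE_BLOCKLIST); }
console.log(JSON.stringify(runSample(), null, 2));
```

Entries that return only `pid` and `name` are reported rather than skipped, so a process with no path or hash is not silently treated as clean.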