Get Running Services - WMI Enrichment

  • Release version: Australia
  • Updated: March 12, 2026
  • Reading time: 2 minutes
  • The Security Incident Response - Get Running Services workflow gathers running services on a configuration item added to a security incident.

    The Get Running Services - WMI Enrichment activity is launched automatically to retrieve running services information for a Windows host.

    Input variables

    Input variables determine the initial behavior of the activity.

    Table 1. Input variables
    Variable          Description
    target [string]   The fully qualified domain name (FQDN) of the target system.

    Output variables

    The output variables contain data that can be used in subsequent activities.

    Table 2. Output variables
    Variable            Description
    response [string]   A JSON string representing the current running services on the target system.

    JSON data includes:

    name
        The name of the service.
    pid
        The process identifier of the running service.
    service_type
        (Optional) The type of running service.
    start_name
        The system name for the service.
    path
        The file path of the running service executable.
    start_mode
        The start mode of the running service.
    display_name
        The name of the running service as it appears to the user.
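
    As an added example (not ServiceNow code), here is one way a later script step could triage the response value during an investigation. It assumes the JSON parses to an array of records with the keys listed above and that path may be quoted or carry arguments; the function names, the expected-directory baseline and the sample records are constructed for illustration.

```javascript
// Added example; not part of the ServiceNow product. Sample records are constructed.
// Assumed baseline of directories where service binaries normally live; tune per environment.
const EXPECTED_ROOTS = ['c:\\windows\\', 'c:\\program files\\', 'c:\\program files (x86)\\'];

// Pull the executable out of a service path that may be quoted and may carry arguments.
function executableOf(path) {
  const p = String(path || '').trim();
  const quoted = p.match(/^"([^"]+)"/);
  if (quoted) return quoted[1];
  const exe = p.match(/^(.*?\.exe)(\s|$)/i);
  return exe ? exe[1] : p;
}

// Parse the activity's `response` string and return the services worth a closer look.
function triageServices(response) {
  let services;
  try {
    services = JSON.parse(response);
  } catch (e) {
    throw new Error('response is not valid JSON: ' + e.message);
  }
  if (!Array.isArray(services)) services = [services]; // assumption: array of records
  const findings = [];
  for (const s of services.filter(x => x && typeof x === 'object')) {
    const raw = String(s.path || '').trim();
    const exe = executableOf(raw).toLowerCase();
    const reasons = [];
    if (!exe) reasons.push('no executable path reported');
    else if (!EXPECTED_ROOTS.some(r => exe.startsWith(r))) reasons.push('binary outside expected directories');
    if (exe && !raw.startsWith('"') && /\s/.test(exe)) reasons.push('unquoted path containing spaces');
    if (reasons.length) findings.push({ name: s.name, pid: s.pid, start_name: s.start_name, path: raw, reasons });
  }
  return findings;
}

// Constructed sample in the documented field layout.
const SAMPLE_RESPONSE = JSON.stringify([
  { name: 'Schedule', pid: 1180, start_name: 'LocalSystem', start_mode: 'Auto', display_name: 'Task Scheduler',
    path: 'C:\\Windows\\System32\\svchost.exe -k netsvcs' },
  { name: 'VendorAgent', pid: 2304, start_name: 'LocalSystem', start_mode: 'Auto', display_name: 'Vendor Agent',
    path: 'C:\\Program Files\\Vendor App\\agent.exe -run' },
  { name: 'UpdaterSvc', pid: 4412, start_name: 'LocalSystem', start_mode: 'Manual', display_name: 'Updater',
    path: 'C:\\Users\\Public\\updater.exe' }
]);

for (const f of triageServices(SAMPLE_RESPONSE)) console.log(f.name, f.pid, f.reasons.join('; '));
```

    Findings are leads for the analyst working the security incident, not verdicts; legitimate software installed outside the baseline directories will also appear.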

    Restrictions

    The MID Server must support PowerShell.

    SHA-256 hash requires PowerShell V4.