Get running processes via WMI activity

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • TheGet Running Processes workflow activity retrieves the running processes of a configuration item on a Windows-based system. This activity can accelerate the investigation and remediation process.

    The Get Running Processes via WMI activity can be used with any workflow to retrieve running processes on a Windows-based system.

    Input variables

    Input variables determine the initial behavior of the activity.

    Table 1. Input variables
    Variable Description
    target [string] The fully qualified domain name (FQDN) or IP address of the target system.

    Output variables

    The output variables contain data that can be used in subsequent activities.

    Table 2. Output variables
    Variable Description
    response [string]

    A JSON string representing the current running processes on the target system.

    JSON data includes:

    pid
    The process identifier
    name
    The name of the process

    Also, if available:

    Owner
    The name of the process owner
    owner_sid
    The system identifier of the process owner
    owner_domain
    The domain of the process owner
    path
    The file path of the process executable
    hash
    The hash value of the process executable. The hash is in SHA-256 for PowerShell V4 or higher. Otherwise, the hash is in MD5.

    Restrictions

    The MID Server must support PowerShell.

    SHA-256 hash requires PowerShell V4.