ProcessInfo
Return information about the current process
Property |
Type |
Description |
Example |
|---|---|---|---|
CommandLine |
String |
Process command line |
file.txt |
CommandLineLength |
Int |
Length of the command line |
123 |
Compromised |
Bool |
The process was marked as compromised by a rule with MarkAsCompromised action |
true/false or 1/0 |
IntegrityLevel |
Int/Symbols |
Integrity level of the process |
Possible values are: •Untrusted—0 •Low—4096 •Medium—8192 •High—12288 •System—16384 •Protected process—20480 |
LnkPath |
String |
Contains a path to a shortcut execution |
|
ProcessLevel |
Int |
Depth of the process in process hierarchy |
123 |
ProcessDistance |
Int |
The distance of the process from the current process |
123 |
ProcessOwner |
String |
The user that created the process |
|
CaseSensitiveCommandLine |
String |
Allows creating rules for command line that is case sensitive |
|
Supported Operations and their components:
|
Module |
|---|---|
CreateProcess |
X |
LoadDLL |
X |
CodeInjection |
X |