Auto-Generated Documentation

This set of documentation is automatically generated from source, and will help ensure any change to functionality will always be documented and available on release.

ParentProcess

These fields contain information about a process.

| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| args | List [Keyword] | Array of process arguments, starting with the absolute path to the executable. | Optional | None |
| args_count | Integer | Length of the process.args array. | Optional | None |
| code_signature | CodeSignature | Information about binary code signatures. | Optional | None |
| command_line | Keyword | Full command line that started the process, including the absolute path to the executable, and all arguments. | Optional | None |
| end | Date | The time the process ended. | Optional | None |
| entity_id | Keyword | OID Hash of the process. | Optional | None |
| entry_meta | EntryMeta | Process Meta Information. | Optional | None |
| env_vars | Mapping [Keyword] | Environment variables (env_vars) set at the time of the event. May be filtered to protect sensitive information. | Optional | None |
| executable | Keyword | Absolute path to the process executable. | Optional | None |
| exit_code | Integer | The exit code of the process, if this is a termination event. | Optional | None |
| hash | Hashes | Hashes, usually file hashes. | Optional | None |
| interactive | Boolean | Whether the process is connected to an interactive shell. | Optional | None |
| name | Keyword | Process name. | Optional | None |
| parent | ParentParentProcess | Information about the parent process. | Optional | None |
| pe | PE | Windows Portable Executable (PE) metadata. | Optional | None |
| pid | Integer | Process id. | Optional | None |
| same_as_process | Boolean | This boolean is used to identify if a leader process is the same as the top level process. | Optional | None |
| start | Date | The time the process started. | Optional | None |
| title | Keyword | Process title. | Optional | None |
| uptime | Integer | Seconds the process has been up. | Optional | None |
| user | ShortUser | The effective user (euid). | Optional | None |
| working_directory | Keyword | The working directory of the process. | Optional | None |