Explanation of the data in the table
- Time
- Event timestamp.
- Host
- Host the event was observed on.
- Event type
- Type of event.
- Name (ID)
- Process name and ID.
- Parent (ID)
- Parent process name and ID.
- Application (version)
- Name and version of the application the process is associated with.
- User (session ID)
- User name and RDS session ID.
- Elevated
- Indicates if a process is running elevated (as administrator).
- Protected
- Indicates if the process was started protected.
- Tag
- The tag that was specified in the tagging rule that triggered this event.
- Risk score
- The risk score that was specified in the tagging rule that triggered this event.
- Lifetime (s)
- Process lifetime in seconds at the time of the event.
- Command line
- Command line the process was started with. Hover over the table cell to get more information.
- Path
- Path the process was started with. Hover over the table cell to get more information.
- ATT&CK techniques
- ATT&CK techniques to which the event is mapped. Click a technique to get more information.