Environment
- Enterprise EDR Console: All Versions
- Enterprise EDR Sensor: All Supported Versions
- Microsoft Windows: All Supported Versions
Question
Process Analysis shows that the process name in the Selected Process field does not match the Watchlist IOC process_name, but the process name in the Path field does match it. Which field corresponds to the process_name used in a Watchlist IOC?
Answer
- Selected Process refers to process_cmdline
- Path refers to process_name
Additional Notes
If a Watchlist IOC specifies a process name and path, then the process name and path must match on both