Retrieve one particular field from the results of a process search.
External Documentation

To learn more, visit the EchoTrail documentation.

Parameters

| Parameter | Description |
| --- | --- |
| Field | The specific field to retrieve from the search results. |
| Query | The name or hash of an endpoint process to look up. Must be a Windows filename with extension, a SHA256 hash of a Windows process, or an MD5 hash of a Windows process. |

Example Output

{
  "parents": [
    [ "services.exe", "99.63" ],
    [ "MsMpEng.exe", "0.36" ],
    ...
  ]
}
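
The following is an added example, not part of the EchoTrail or integration documentation. It parses a result shaped like the Example Output and classifies an observed parent process by prevalence. It assumes the second element of each pair is a percentage; the sample data, the 1.0 threshold and the function names are constructed for illustration.

```python
import json

# Constructed sample in the shape of the Example Output above
# (the "..." elision is dropped so the text parses as JSON).
SAMPLE_RESULT = """
{
  "parents": [
    ["services.exe", "99.63"],
    ["MsMpEng.exe", "0.36"]
  ]
}
"""

RARE_THRESHOLD = 1.0  # assumption: percent below which a parent counts as rare


def parse_prevalence(result_text, field="parents"):
    """Return {lowercased name: percent as float} for one field of the result."""
    data = json.loads(result_text)
    rows = data.get(field)
    if not isinstance(rows, list):
        raise ValueError(f"field {field!r} missing or not a list")
    table = {}
    for row in rows:
        # Each row is a [name, "percent"] pair; the percent arrives as a string.
        if not (isinstance(row, list) and len(row) == 2):
            continue
        name, pct = row
        try:
            table[str(name).lower()] = float(pct)
        except (TypeError, ValueError):
            continue  # skip rows whose percentage is not numeric
    return table


def classify_parent(observed_parent, table, threshold=RARE_THRESHOLD):
    """Classify an observed parent as 'common', 'rare' or 'unseen'."""
    pct = table.get(observed_parent.lower())  # Windows filenames are case-insensitive
    if pct is None:
        return "unseen", 0.0
    return ("common" if pct >= threshold else "rare"), pct


if __name__ == "__main__":
    prevalence = parse_prevalence(SAMPLE_RESULT)
    for parent in ("SERVICES.EXE", "MsMpEng.exe", "winword.exe"):
        print(parent, classify_parent(parent, prevalence))
```

A "rare" or "unseen" verdict is a triage signal to combine with other telemetry, since the result may list only the most frequent parents.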

Workflow Library Example

Insights Field Search with Echotrail and Send Results Via Email