Insights Field Search
Retrieve one particular field from the results of a process search.
External Documentation
To learn more, visit the EchoTrail documentation.
Parameters
| Parameter | Description |
|---|---|
| Field | The specific field to retrieve from the search results. |
| Query | The name or hash of an endpoint process to lookup. Must be a Windows filename with extension, a SHA256 hash of a windows process, or a md5 hash of a windows process. |
Example Output
{
"parents": [
[ "services.exe", "99.63" ],
[ "MsMpEng.exe", "0.36" ],
...
]
}
Workflow Library Example
Insights Field Search with Echotrail and Send Results Via Email
Preview this Workflow on desktop