Insights Subsearch
Perform a search within a list of results from a process search.
External Documentation
To learn more, visit the EchoTrail documentation.
Parameters
| Parameter | Description |
|---|---|
| Field | The specific field to retrieve from the search results. |
| Query | The name or hash of an endpoint process to lookup. Must be a Windows filename with extension, a SHA256 hash of a windows process, or a md5 hash of a windows process. If the search yields no results, the response will include the message: No results found. |
| Subsearch | The string to search for within the process field. |
Example Output
[
"services.exe",
99.88
]
Workflow Library Example
Insights Subsearch with Echotrail and Send Results Via Email
Preview this Workflow on desktop