
Process GUID drilldown tab

Edoardo Gerosa edited this page May 31, 2020 · 1 revision

The Process GUID drilldown tab gathers every Sysmon indicator tied to the selected process GUID within the specified timespan, so that a single process can be examined across all event types on one page. The process GUID is the pivot rather than the process ID because Sysmon assigns it uniquely to each process instance and does not reuse it, whereas Windows recycles process IDs.

[Screenshot of the Process GUID drilldown tab]

The Process GUID drilldown tab displays the following tables:

  • A general overview of Sysmon process create activity and the associated GUIDs
  • An overview of Sysmon process create activity mapped to known ATT&CK techniques, with the associated GUIDs
  • A grid providing a drilldown into Sysmon activity for the selected GUID
  • A grid listing all child processes spawned by the process that holds the selected GUID
  • Drilldown tables for the selected GUID to examine:
    • Process create activity
    • Process access activity
    • File create activity
    • Image loaded activity
    • Network connection activity
    • Registry access activity
    • DNS request activity
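The pivot behind these tables can be reproduced outside the dashboard. The following is an added example, not code from this project: it takes a handful of constructed Sysmon events (field names follow the Sysmon schema, such as ProcessGuid, ParentProcessGuid and, for event 10, SourceProcessGUID/TargetProcessGUID; the GUID values and events themselves are invented) and builds one list per drilldown table for a given GUID and time window. It also includes a process that reuses a terminated process's PID, to show why a GUID pivot does not conflate the two while a naive PID pivot does.

```python
"""Pivot Sysmon events on a ProcessGuid, mirroring the tables of the drilldown tab.
Sample events are constructed for illustration; they are not real telemetry."""
from datetime import datetime

# Sysmon event IDs used by the drilldown tables.
PROCESS_CREATE = 1
NETWORK_CONNECTION = 3
IMAGE_LOADED = 7
PROCESS_ACCESS = 10
FILE_CREATE = 11
REGISTRY_EVENTS = {12, 13, 14}   # key create/delete, value set, key/value rename
DNS_QUERY = 22

# Constructed GUIDs (Sysmon GUIDs have this shape; these values are invented).
EXPLORER = "{00000000-0000-0000-0000-0000000000e1}"
WINWORD = "{00000000-0000-0000-0000-0000000000a1}"
POWERSHELL = "{00000000-0000-0000-0000-0000000000b1}"
LSASS = "{00000000-0000-0000-0000-0000000000c1}"
NOTEPAD = "{00000000-0000-0000-0000-0000000000d1}"  # later process that reuses PID 4000

EVENTS = [  # constructed sample events
    {"UtcTime": "2020-05-31 10:00:01.000", "EventID": 1, "ProcessGuid": WINWORD, "ProcessId": 4000,
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", "ParentProcessGuid": EXPLORER},
    {"UtcTime": "2020-05-31 10:00:05.000", "EventID": 1, "ProcessGuid": POWERSHELL, "ProcessId": 4120,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden", "ParentProcessGuid": WINWORD},
    {"UtcTime": "2020-05-31 10:00:06.000", "EventID": 7, "ProcessGuid": POWERSHELL, "ProcessId": 4120,
     "ImageLoaded": r"C:\Windows\System32\amsi.dll"},
    {"UtcTime": "2020-05-31 10:00:07.000", "EventID": 22, "ProcessGuid": POWERSHELL, "ProcessId": 4120,
     "QueryName": "cdn.example.com"},
    {"UtcTime": "2020-05-31 10:00:07.500", "EventID": 3, "ProcessGuid": POWERSHELL, "ProcessId": 4120,
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"UtcTime": "2020-05-31 10:00:08.000", "EventID": 11, "ProcessGuid": POWERSHELL, "ProcessId": 4120,
     "TargetFilename": r"C:\Users\Public\update.exe"},
    {"UtcTime": "2020-05-31 10:00:09.000", "EventID": 13, "ProcessGuid": POWERSHELL, "ProcessId": 4120,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\updater"},
    {"UtcTime": "2020-05-31 10:00:10.000", "EventID": 10, "SourceProcessGUID": POWERSHELL,
     "SourceProcessId": 4120, "TargetProcessGUID": LSASS,
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
    # PID 4000 is reused by an unrelated process after WINWORD exits: same ProcessId, new GUID.
    {"UtcTime": "2020-05-31 10:00:30.000", "EventID": 1, "ProcessGuid": NOTEPAD, "ProcessId": 4000,
     "Image": r"C:\Windows\System32\notepad.exe", "ParentProcessGuid": EXPLORER},
    {"UtcTime": "2020-05-31 10:00:31.000", "EventID": 3, "ProcessGuid": NOTEPAD, "ProcessId": 4000,
     "DestinationIp": "198.51.100.7", "DestinationPort": 80},
    # Outside the one-hour window used in __main__ and the tests.
    {"UtcTime": "2020-05-31 11:30:00.000", "EventID": 22, "ProcessGuid": POWERSHELL, "ProcessId": 4120,
     "QueryName": "late.example.com"},
]

TABLES = ("process_create", "child_processes", "process_access", "file_create",
          "image_loaded", "network_connection", "registry", "dns_query")


def parse_utc(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S.%f")


def process_drilldown(events, guid, start, end):
    """Return one chronologically ordered list per drilldown table for `guid`,
    restricted to events whose UtcTime lies in [start, end]."""
    t0, t1 = parse_utc(start), parse_utc(end)
    tables = {name: [] for name in TABLES}
    for evt in sorted(events, key=lambda e: parse_utc(e["UtcTime"])):
        if not t0 <= parse_utc(evt["UtcTime"]) <= t1:
            continue
        eid = evt["EventID"]
        if eid == PROCESS_CREATE:
            if evt["ProcessGuid"] == guid:
                tables["process_create"].append(evt)
            elif evt.get("ParentProcessGuid") == guid:
                tables["child_processes"].append(evt)
        elif eid == PROCESS_ACCESS:
            # Event 10 names two processes; show the GUID whether it is source or target.
            if guid in (evt["SourceProcessGUID"], evt["TargetProcessGUID"]):
                tables["process_access"].append(evt)
        elif evt.get("ProcessGuid") == guid:
            if eid == FILE_CREATE:
                tables["file_create"].append(evt)
            elif eid == IMAGE_LOADED:
                tables["image_loaded"].append(evt)
            elif eid == NETWORK_CONNECTION:
                tables["network_connection"].append(evt)
            elif eid in REGISTRY_EVENTS:
                tables["registry"].append(evt)
            elif eid == DNS_QUERY:
                tables["dns_query"].append(evt)
    return tables


def event_ids_for_pid(events, pid):
    """Naive PID pivot, for contrast: merges every process that ever held `pid`."""
    return sorted(e["EventID"] for e in events if e.get("ProcessId") == pid)


if __name__ == "__main__":
    window = ("2020-05-31 10:00:00.000", "2020-05-31 11:00:00.000")
    dd = process_drilldown(EVENTS, POWERSHELL, *window)
    for name in TABLES:
        print(f"{name:20s} {len(dd[name])}")
    word = process_drilldown(EVENTS, WINWORD, *window)
    print("WINWORD GUID pivot, network events:", len(word["network_connection"]))
    print("PID 4000 pivot, event IDs:", event_ids_for_pid(EVENTS, 4000))
```

Pivoting on the WINWORD GUID yields no network connection, because the connection on PID 4000 belongs to the later notepad.exe instance; a PID pivot returns both process-create records and that connection as if they were one process. The time window is applied before any table is filled, so the late DNS query from the same PowerShell GUID is dropped rather than shown under a different timespan than the rest of the page.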

A higher definition picture of the Process GUID drilldown tab can be found here.