Fetch Process GUID Details using Splunk SIEM

The Process GUID Details Alert Action fetches the most up-to-date, detailed metadata that is associated with the specified process GUID.

Example: Learn more about the process that triggered a Watchlist alert, such as parent and process cmdline.

Note: See also Processes Search API.

Configuration:

Process GUID Field: The field name in the search results that contains the process GUID to use to fetch more details.