The Kill Process Alert Action remotely kills a process on the specified device.

Note: See also Live Response API.

Credential type: Custom

Note: The credential type changed with Splunk SIEM 2.0.0. A new API key is required. See Before you Upgrade from Splunk SIEM 1.x to 2.x.x.

Configuration:

Device ID Field
The field name in the search results that contains the ID of the device on which to kill the process.
Process Field
The field name in the search results that contains the name of the process to kill.