Forum Discussion
RajkumarRamasamy
Nov 26, 2024Brass Contributor
Azure VM process monitor
Will it be possible to ingest data about a process, with respect to its file activity and the command line used to start it, from a Windows VM, like the Process Monitor data?
Take this:
- Windows Event Logs:
  - Windows Event Logs can capture a variety of system activities, including process creation and termination events. You can use tools like Event Viewer or PowerShell cmdlets to query these logs.
  - For example, you can use the Get-WinEvent cmdlet to filter and retrieve specific events related to process activities.
- PowerShell Scripting:
  - PowerShell can be used to monitor and log process activities. You can write scripts to capture process information, including command line arguments and file activities.
  - Example PowerShell script to log process creation:

```powershell
$logFile = "C:\ProcessLog.txt"
# Subscribe to WMI process-creation events, polled once a second. The -Action block runs
# in its own scope, so the log path is handed in with -MessageData instead of relying on $logFile.
Register-WmiEvent -Query "SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'" `
    -SourceIdentifier 'ProcessCreationLogger' -MessageData $logFile -Action {
        $process  = $Event.SourceEventArgs.NewEvent.TargetInstance
        $logEntry = "Process: $($process.Name) | CommandLine: $($process.CommandLine) | Time: $(Get-Date)"
        Add-Content -Path $Event.MessageData -Value $logEntry
    }
# Stop logging with: Unregister-Event -SourceIdentifier 'ProcessCreationLogger'
```
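As an added example (not code from the thread above), the Event Log approach from the first bullet can be made concrete with Get-WinEvent: Windows writes Security event 4688 for every process creation, and when the audit policy "Audit Process Creation" plus "Include command line in process creation events" is enabled, the event carries the full command line and the parent process name. The function name `Get-ProcessCreationEvents` and its parameters are ours; the script assumes those two audit settings are on and that it runs with rights to read the Security log, and it emits one object per event so the output can be converted to JSON or CSV for shipping to a log store.

```powershell
# Added example: read Security event 4688 (process creation) from a Windows host and
# return structured records with the command line. Assumes "Audit Process Creation"
# and "Include command line in process creation events" are enabled; without the
# latter the CommandLine field is blank.
function Get-ProcessCreationEvents {
    [CmdletBinding()]
    param(
        [int]$Hours = 1,                                # look-back window
        [string]$ComputerName = $env:COMPUTERNAME       # local host by default
    )

    $filter = @{
        LogName   = 'Security'
        Id        = 4688
        StartTime = (Get-Date).AddHours(-$Hours)
    }

    # Get-WinEvent reports "No events were found" as a non-terminating error,
    # so an empty window yields no output rather than a failure.
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Parse the event XML so each EventData field can be read by name
            $xml  = [xml]$_.ToXml()
            $data = @{}
            foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

            [pscustomobject]@{
                TimeCreated       = $_.TimeCreated
                Computer          = $_.MachineName
                SubjectUser       = "$($data.SubjectDomainName)\$($data.SubjectUserName)"
                # NewProcessId is logged as a hex string such as 0x1a4c
                NewProcessId      = [Convert]::ToInt32($data.NewProcessId, 16)
                NewProcessName    = $data.NewProcessName
                ParentProcessName = $data.ParentProcessName
                CommandLine       = $data.CommandLine
                CommandLineLogged = -not [string]::IsNullOrEmpty($data.CommandLine)
            }
        }
}

# Usage: last 24 hours as a table; pipe to ConvertTo-Json or Export-Csv for ingestion.
Get-ProcessCreationEvents -Hours 24 |
    Select-Object TimeCreated, NewProcessName, ParentProcessName, CommandLine, CommandLineLogged |
    Format-Table -AutoSize
```

The `CommandLineLogged` flag is a quick check for the caveat in the lead-in: if every record shows `False`, the "Include command line in process creation events" policy is not active on that host and the command-line data the question asks about is not being recorded at all.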
RajkumarRamasamy
Brass Contributor
Thanks.
My objective is to ingest all the data from the Process Monitor application into a Log Analytics workspace table.