Which event field contains the Falcon generated ID for a process?
The field 'TargetProcessId_decimal' holds the unique ID of a target process in decimal format, which matches the description of the field containing the Falcon-generated ID for a process. This ID appears in almost all events and identifies the process responsible for the activity associated with the event.
B. The unique ID of a target process (in decimal, non-hex format). This field exists in almost all events, and it represents the ID of the process that is responsible for the activity of the event in focus. Is there a "Process_Id_decimal" option as a Falcon event?
It's B, but it should be written like this > TargetProcessId_decimal. It's very misleading; even in the exam it is written wrong... Also, the definition of TargetProcessId_decimal from the Event Data Dictionary > The unique ID of a target process (in decimal, non-hex format). This field exists in almost all events, and it represents the ID of the process that is responsible for the activity of the event in focus. For example, the TargetProcessId of a process that performed thread injection in an InjectedThread event.