/// <summary>
/// Builds a process-termination event from fixed sample values and runs its
/// schema validation.
/// </summary>
/// <remarks>
/// There is no explicit assertion here; presumably ValidateSchema signals a
/// schema mismatch by throwing (confirm against its implementation).
/// </remarks>
public void ProcessTerminate()
        {
            // Constructed sample data: one exited process with a non-zero exit status.
            var samplePayload = new ProcessTerminationPayload
            {
                Executable = "app.exe",
                Time       = DateTime.UtcNow,
                ProcessId  = 11,
                ExitStatus = 1
            };

            var terminateEvent = new ProcessTerminate(EventPriority.Low, samplePayload);

            terminateEvent.ValidateSchema();
        }
Beispiel #2
        /// <summary>
        /// Builds a process-termination event from one parsed log record.
        /// </summary>
        /// <param name="ev">
        /// Record fields keyed by field name. The dictionary indexer throws
        /// <see cref="KeyNotFoundException"/> when the message or time-generated
        /// field is absent.
        /// </param>
        /// <returns>
        /// The event, carrying the priority that AgentConfiguration returns for
        /// the ProcessTerminate event type.
        /// </returns>
        private IEvent GetProcessExitEvent(Dictionary<string, string> ev)
        {
            // Every extracted property comes from the same message text, so look it up once.
            var message = ev[MessageFieldName];

            var executable = GetEventPropertyFromMessage(message, ProcessNameFieldName);

            // Both numeric fields are parsed as base-16 text. Convert throws on malformed or
            // out-of-range input, but maps a null string to 0.
            // NOTE(review): if GetEventPropertyFromMessage can return null for a missing field,
            // a record without a process id would be reported as PID 0 rather than rejected - confirm.
            var processId  = Convert.ToUInt32(GetEventPropertyFromMessage(message, ProcessIdFieldName), 16);
            var exitStatus = Convert.ToInt32(GetEventPropertyFromMessage(message, ExitStatusFieldName), 16);

            // NOTE(review): DateTime.Parse without a format provider uses the current culture, so the
            // same record may parse differently (or fail) on hosts with different regional settings;
            // confirm the timestamp format and time zone expected here before correlating timelines.
            var timeGenerated = DateTime.Parse(ev[TimeGeneratedFieldName]);

            // Account context is copied as extracted from the message text; no validation or
            // normalisation of these values is visible in this method.
            var accountDetails = new Dictionary<string, string>
            {
                { AccountDomainFieldName, GetEventPropertyFromMessage(message, AccountDomainFieldName) },
                { AccountNameFieldName, GetEventPropertyFromMessage(message, AccountNameFieldName) },
                { LogonIdFieldName, GetEventPropertyFromMessage(message, LogonIdFieldName) }
            };

            var terminationPayload = new ProcessTerminationPayload
            {
                Executable   = executable,
                ProcessId    = processId,
                ExitStatus   = exitStatus,
                Time         = timeGenerated,
                ExtraDetails = accountDetails
            };

            var priority = AgentConfiguration.GetEventPriority<ProcessTerminate>();
            return new ProcessTerminate(priority, terminationPayload);
        }