/// <summary>
/// Builds a <c>ProcessTerminate</c> event from a fixed sample payload and runs
/// <c>ValidateSchema()</c> on it. Any result of the validation call is not inspected here.
/// </summary>
public void ProcessTerminate()
{
    // Constructed sample values; they exist only to populate every payload field set below.
    var samplePayload = new ProcessTerminationPayload
    {
        Executable = "app.exe",
        Time = DateTime.UtcNow,
        ProcessId = 11,
        ExitStatus = 1
    };

    // The event is created at low priority and validated immediately.
    new ProcessTerminate(EventPriority.Low, samplePayload).ValidateSchema();
}
/// <summary>
/// Converts one process-exit record, supplied as a field-name to value map, into a
/// <c>ProcessTerminate</c> event.
/// </summary>
/// <param name="ev">
/// Record fields. The entries keyed by <c>MessageFieldName</c> and <c>TimeGeneratedFieldName</c>
/// are read; a missing key makes the dictionary indexer throw.
/// </param>
/// <returns>
/// A <c>ProcessTerminate</c> event carrying the parsed payload, created with the priority that
/// <c>AgentConfiguration.GetEventPriority</c> returns for that event type.
/// </returns>
private IEvent GetProcessExitEvent(Dictionary<string, string> ev)
{
    // Every per-field lookup below extracts its value from this one message text.
    var message = ev[MessageFieldName];

    var executable = GetEventPropertyFromMessage(message, ProcessNameFieldName);

    // Process id and exit status are read as base-16 text. Convert throws on malformed or
    // out-of-range input, so a badly formed message aborts this conversion.
    // NOTE(review): how the caller handles that exception is not visible here - confirm that a
    // single bad record cannot stop later records from being collected.
    var processId = Convert.ToUInt32(GetEventPropertyFromMessage(message, ProcessIdFieldName), 16);
    var exitStatus = Convert.ToInt32(GetEventPropertyFromMessage(message, ExitStatusFieldName), 16);

    // NOTE(review): DateTime.Parse(string) uses the current culture, and the resulting Kind
    // depends on the input text - confirm the timestamp format and time zone of this field.
    var generatedAt = DateTime.Parse(ev[TimeGeneratedFieldName]);

    // Account context is copied from the message text as-is; no validation is applied here.
    var accountDetails = new Dictionary<string, string>();
    accountDetails.Add(AccountDomainFieldName, GetEventPropertyFromMessage(message, AccountDomainFieldName));
    accountDetails.Add(AccountNameFieldName, GetEventPropertyFromMessage(message, AccountNameFieldName));
    accountDetails.Add(LogonIdFieldName, GetEventPropertyFromMessage(message, LogonIdFieldName));

    var payload = new ProcessTerminationPayload
    {
        Executable = executable,
        ProcessId = processId,
        ExitStatus = exitStatus,
        Time = generatedAt,
        ExtraDetails = accountDetails
    };

    return new ProcessTerminate(AgentConfiguration.GetEventPriority<ProcessTerminate>(), payload);
}