Microsoft Graph · Schema
process
Azure ADCollaborationContactsDocumentsEmailGraphIdentityMicrosoftOffice 365PresentationsProductivitySpreadsheetsT1Tasks
Properties
| Name | Type | Description |
|---|---|---|
| accountName | string | User account identifier (user account context the process ran under) for example, AccountName, SID, and so on. |
| commandLine | string | The full process invocation commandline including all parameters. |
| createdDateTime | string | Time at which the process was started. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T0 |
| fileHash | object | Complex type containing file hashes (cryptographic and location-sensitive). |
| integrityLevel | object | The integrity level of the process. The possible values are: unknown, untrusted, low, medium, high, system. |
| isElevated | boolean | True if the process is elevated. |
| name | string | The name of the process' Image file. |
| parentProcessCreatedDateTime | string | DateTime at which the parent process was started. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2 |
| parentProcessId | number | The Process ID (PID) of the parent process. |
| parentProcessName | string | The name of the image file of the parent process. |
| path | string | Full path, including filename. |
| processId | number | The Process ID (PID) of the process. |
| @odata.type | string |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "#/components/schemas/microsoft.graph.process",
"title": "process",
"required": [
"@odata.type"
],
"type": "object",
"properties": {
"accountName": {
"type": "string",
"description": "User account identifier (user account context the process ran under) for example, AccountName, SID, and so on.",
"nullable": true
},
"commandLine": {
"type": "string",
"description": "The full process invocation commandline including all parameters.",
"nullable": true
},
"createdDateTime": {
"pattern": "^[0-9]{4,}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])T([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]([.][0-9]{1,12})?(Z|[+-][0-9][0-9]:[0-9][0-9])$",
"type": "string",
"description": "Time at which the process was started. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.",
"format": "date-time",
"nullable": true
},
"fileHash": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.fileHash"
},
{
"type": "object",
"nullable": true
}
],
"description": "Complex type containing file hashes (cryptographic and location-sensitive)."
},
"integrityLevel": {
"anyOf": [
{
"$ref": "#/components/schemas/microsoft.graph.processIntegrityLevel"
},
{
"type": "object",
"nullable": true
}
],
"description": "The integrity level of the process. The possible values are: unknown, untrusted, low, medium, high, system."
},
"isElevated": {
"type": "boolean",
"description": "True if the process is elevated.",
"nullable": true
},
"name": {
"type": "string",
"description": "The name of the process' Image file.",
"nullable": true
},
"parentProcessCreatedDateTime": {
"pattern": "^[0-9]{4,}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])T([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]([.][0-9]{1,12})?(Z|[+-][0-9][0-9]:[0-9][0-9])$",
"type": "string",
"description": "DateTime at which the parent process was started. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.",
"format": "date-time",
"nullable": true
},
"parentProcessId": {
"maximum": 2147483647,
"minimum": -2147483648,
"type": "number",
"description": "The Process ID (PID) of the parent process.",
"format": "int32",
"nullable": true
},
"parentProcessName": {
"type": "string",
"description": "The name of the image file of the parent process.",
"nullable": true
},
"path": {
"type": "string",
"description": "Full path, including filename.",
"nullable": true
},
"processId": {
"maximum": 2147483647,
"minimum": -2147483648,
"type": "number",
"description": "The Process ID (PID) of the process.",
"format": "int32",
"nullable": true
},
"@odata.type": {
"type": "string"
}
}
}