Hello there,
As mentioned before, this will be possible with a custom sensor which will allow you to define particular sensor states. You can, e.g., use the PowerShell cmdlet
Get-WmiObject win32_process
to monitor the processes of a remote computer. I'll attach a script which will scan a target host for duplicated processes; this should give you a starting point to write your own sensor suiting your needs. Please note that this script comes as it is and we will not offer additional support for it:
# Description: Monitors Windows processes for duplicated entries
# Parameters:
# -Process: The name you want to check for multiple instances
# Example sensor parameters:
# -process "chrome.exe" -hostname %host -Username "%windowsdomain\%windowsuser" -Password "%windowspassword"
# Parameter list
param(
    [string]$process = "ProzessName",
    [string]$hostname = "TargetHostName",
    [string]$username = "YourUsername",
    [string]$password = "YourPassword"
)
# Variables
$result = 0
# Generate Credentials Object
$SecPasswd = ConvertTo-SecureString $password -AsPlainText -Force
$Credentials = New-Object System.Management.Automation.PSCredential ($username, $SecPasswd)
# Query with the calling account first. Get-WmiObject errors are non-terminating
# by default, so -ErrorAction Stop is needed for the catch block to run at all.
try {
    $Objects = (Get-WmiObject win32_process -ComputerName $hostname -ErrorAction Stop -Filter "name like '%$($process)%'" | select Commandline | Group-Object commandline)
}
catch {
    # Fall back to the explicit credentials passed as parameters
    $Objects = (Get-WmiObject win32_process -ComputerName $hostname -Credential $Credentials -ErrorAction Stop -Filter "name like '%$($process)%'" | select Commandline | Group-Object commandline)
}
# Output as a single "value:message" string (number of distinct command lines)
$result = ($Objects | Measure-Object).Count
Write-Host "$($result):$($result) instance(s) of the process '$($process)' running"
Best regards, Felix
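
The "particular sensor states" part, as an added example that is not part of the post above or the vendor's script: it reports only command lines that are running more often than allowed and sets the sensor state through the exit code. Assumptions: the monitoring system is PRTG (which the %host-style placeholders suggest) with its EXE/Script convention of `value:message` on stdout and exit code 0 = OK, 1 = warning, 2 = error; the account running the sensor already has WMI rights on the target, so no password is passed on the command line; `-MaxPerCommandLine` is a hypothetical parameter.

```powershell
# Added example (not the original script).
# Assumed convention: stdout "value:message"; exit 0 = OK, 1 = warning, 2 = error.
param(
    [Parameter(Mandatory)][string]$Process,    # exact image name, e.g. "chrome.exe"
    [Parameter(Mandatory)][string]$Hostname,   # target host, e.g. the %host placeholder
    [int]$MaxPerCommandLine = 1                # hypothetical threshold per command line
)

# Escape WQL metacharacters (backslash, single quote) so the process name is
# compared as a literal and cannot alter the filter expression.
$name = $Process -replace '\\', '\\' -replace "'", "\'"

$query = @{
    Class        = 'Win32_Process'
    ComputerName = $Hostname
    Filter       = "Name = '$name'"   # exact match instead of LIKE '%...%'
    ErrorAction  = 'Stop'             # make WMI failures catchable
}

try {
    $procs = @(Get-WmiObject @query)
}
catch {
    # Query failed (host unreachable, access denied, ...): report an error state
    Write-Output "0:WMI query against $Hostname failed: $($_.Exception.Message)"
    exit 2
}

# A duplicate is a command line shared by more processes than the threshold allows.
$dupes = @($procs | Group-Object CommandLine |
    Where-Object { $_.Count -gt $MaxPerCommandLine })

if ($dupes.Count -eq 0) {
    Write-Output "0:No duplicated command line for '$Process' ($($procs.Count) running)"
    exit 0
}

# Sensor value = number of command lines that exceed the threshold
Write-Output "$($dupes.Count):$($dupes.Count) command line(s) of '$Process' exceed $MaxPerCommandLine instance(s)"
exit 1
```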