docs/_static/example.json

[
    {
        "event_type": "process",
        "parent_process_name": "System Idle Process",
        "pid": 4,
        "process_name": "System",
        "subtype": "create",
        "timestamp": 131485996510000000,
        "user": "NT AUTHORITY\\SYSTEM",
        "user_domain": "NT AUTHORITY",
        "user_name": "SYSTEM"
    },
    {
        "command_line": "wininit.exe",
        "event_type": "process",
        "md5": "94355c28c1970635a31b3fe52eb7ceba",
        "pid": 424,
        "ppid": 364,
        "process_name": "wininit.exe",
        "process_path": "C:\\Windows\\System32\\wininit.exe",
        "subtype": "create",
        "timestamp": 131485996510000000,
        "user": "NT AUTHORITY\\SYSTEM",
        "user_domain": "NT AUTHORITY",
        "user_name": "SYSTEM"
    },
    {
        "command_line": "winlogon.exe",
        "event_type": "process",
        "md5": "1151b1baa6f350b1db6598e0fea7c457",
        "pid": 472,
        "ppid": 416,
        "process_name": "winlogon.exe",
        "process_path": "C:\\Windows\\System32\\winlogon.exe",
        "subtype": "create",
        "timestamp": 131485996510000000,
        "user": "NT AUTHORITY\\SYSTEM",
        "user_domain": "NT AUTHORITY",
        "user_name": "SYSTEM"
    },
    {
        "command_line": "C:\\Windows\\system32\\services.exe",
        "event_type": "process",
        "md5": "24acb7e5be595468e3b9aa488b9b4fcb",
        "parent_process_name": "wininit.exe",
        "parent_process_path": "C:\\Windows\\System32\\wininit.exe",
        "pid": 524,
        "ppid": 424,
        "process_name": "services.exe",
        "process_path": "C:\\Windows\\System32\\services.exe",
        "subtype": "create",
        "timestamp": 131485996520000000,
        "user": "NT AUTHORITY\\SYSTEM",
        "user_domain": "NT AUTHORITY",
        "user_name": "SYSTEM"
    },
    {
        "command_line": "C:\\Windows\\system32\\lsass.exe",
        "event_type": "process",
        "md5": "7554a1b82b4a222fd4cc292abd38a558",
        "parent_process_name": "wininit.exe",
        "parent_process_path": "C:\\Windows\\System32\\wininit.exe",
        "pid": 536,
        "ppid": 424,
        "process_name": "lsass.exe",
        "process_path": "C:\\Windows\\System32\\lsass.exe",
        "subtype": "create",
        "timestamp": 131485996520000000,
        "user": "NT AUTHORITY\\SYSTEM",
        "user_domain": "NT AUTHORITY",
        "user_name": "SYSTEM"
    },
    {
        "command_line": "C:\\Windows\\Explorer.EXE",
        "event_type": "process",
        "md5": "ac4c51eb24aa95b77f705ab159189e24",
        "pid": 2460,
        "ppid": 3052,
        "process_name": "explorer.exe",
        "process_path": "C:\\Windows\\explorer.exe",
        "subtype": "create",
        "timestamp": 131485997150000000,
        "user": "research\\researcher",
        "user_domain": "research",
        "user_name": "researcher"
    },
    {
        "command_line": "\"C:\\Windows\\system32\\cmd.exe\" ",
        "event_type": "process",
        "md5": "5746bd7e255dd6a8afa06f7c42c1ba41",
        "parent_process_name": "explorer.exe",
        "parent_process_path": "C:\\Windows\\explorer.exe",
        "pid": 2864,
        "ppid": 2460,
        "process_name": "cmd.exe",
        "process_path": "C:\\Windows\\System32\\cmd.exe",
        "subtype": "create",
        "timestamp": 131491838190000000,
        "user": "research\\researcher",
        "user_domain": "research",
        "user_name": "researcher"
    }
]