redcanaryco / invoke-atomicredteam

Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
MIT License

Provide process id and process exit code to loggers #107

Closed hxnoyd closed 1 year ago

hxnoyd commented 1 year ago

This is a feature request.

Would it be possible to pass Invoke-Process $Process.Id and $Process.Exit code to loggers via Write-ExecutionLog? The process id is especially helpful when correlating with EDR timelines to validate detections.

Thanks in advance!

clr2of8 commented 1 year ago

Great idea and YES! We got this added with PR #116 on April 15th.