time process

Joey Caparas 2018-03-28 15:13:21 -07:00
parent b1087beacb
commit 9bbb8ec4f9


@ -40,7 +40,7 @@ The following best practices serve as a guideline of query performance best prac
### Unique Process IDs ### Unique Process IDs
Process IDs are recycled in Windows and reused for new processes, so cannot serve as a unique identifier for a specific process. Process IDs are recycled in Windows and reused for new processes, so cannot serve as a unique identifier for a specific process.
To address this issue, the time the process was created is part of the Windows Defender ATP data. Together with the process ID, this can serve as a unique ID on a specific machine. To address this issue, the time the process was created. You can use the time process together with the process ID which can then serve as a unique ID on a specific machine.
So, when you join data based on a specific process or summarize data for each process, you'll need to use a machine identifier (either MachineId or ComputerName), a process ID (ProcessId or InitiatingProcessId) and the process creation time (ProcessCreationTime or InitiatingProcessCreationTime) So, when you join data based on a specific process or summarize data for each process, you'll need to use a machine identifier (either MachineId or ComputerName), a process ID (ProcessId or InitiatingProcessId) and the process creation time (ProcessCreationTime or InitiatingProcessCreationTime)
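Review bot: The rewritten sentence under "Unique Process IDs" is now a fragment: "To address this issue, the time the process was created." has no verb, and the sentence after it introduces "the time process", a term the rest of the paragraph never uses (it says "process creation time", matching ProcessCreationTime and InitiatingProcessCreationTime). The change also drops the statement that the creation time is part of the Windows Defender ATP data, which is what told the reader the value is available to query. Suggest a single sentence along the lines of "To address this issue, use the process creation time, which is part of the Windows Defender ATP data, together with the process ID; the pair can serve as a unique ID on a specific machine." While this paragraph is being touched, the unchanged sentence that follows is missing its closing period.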