To learn more, visit the EchoTrail documentation.

Parameters

| Parameter | Description |
|---|---|
| Query | The name or hash of an endpoint process to look up. Must be a Windows filename with extension, a SHA256 hash of a Windows process, or an MD5 hash of a Windows process. If the search yields no results, the response will include the message: EchoTrail has never observed X executing in the wild. |

Example Output

```json
{
    "description": "Svchost.exe is the name for services that run from dynamic-linked libraries (DLLs). The Service Host... ",
    "rank": 11,
    "host_prev": "95.3",
    "eps": "96.70",
    "paths": [
        ["c:\\windows\\system32", "99.99"],
        ["c:\\windows\\syswow64", "0.00"],
        ["c:\\windows\\temp", "0.00"]
    ],
    "parents": [
        ["services.exe", "99.88"],
        ["msmpeng.exe", "0.11"],
        ["svchost.exe", "0.00"]
    ],
    "children": [
        ["wmiprvse.exe", "19.99"],
        ["backgroundtaskhost.exe", "11.60"],
        ["runtimebroker.exe", "6.47"],
        ["dllhost.exe", "6.30"]
    ],
    "grandparents": [
        ["wininit.exe", "99.87"],
        ["services.exe", "0.13"],
        ["explorer.exe", "0.00"]
    ],
    "hashes": [
        ["b868487f8edbd0571d30d89573f087bfeac3da190652344afd351b1868ea0f8b", "65.81"],
        ["9f21e51442209bcec0ea4a468ef8a4741685ae204d5063f4c3e45e1f8cf72643", "26.25"],
        ["c9a28dc8004c3e043cbf8e3a194fda2b756ce90740df2175488337281b485f69", "4.12"],
        ["c7db4ae8175c33a47baa3ddfa089fad17bc8e362f21e835d78ab22c9231fe370", "1.81"],
        ["438b6ccd84f4dd32d9684ed7d58fd7d1e5a75fe3f3d12ab6c788e6bb0ffad5e7", "1.15"]
    ],
    "network": [
        ["443", "45.15"],
        ["80", "32.48"],
        ["5355", "0.61"],
        ["1900", "0.39"],
        ["5353", "0.30"]
    ],
    "intel": "It is normal to see many svchost processes running on a single machine. It usually has elevated privileges and... "
}
```

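One way to use the example output above in triage, as an added example (not Blink's or EchoTrail's code): compare an observed process event against the prevalence lists and report attributes that are rare or not listed. The event dictionary, the `FIELDS` mapping, the 1% threshold and the handling of a no-result response are assumptions; the sample is a constructed, trimmed copy of the output above.

```python
import json

# Constructed sample: trimmed copy of the example output above, same field layout.
SAMPLE = json.loads(r'''{
  "rank": 11,
  "paths": [["c:\\windows\\system32", "99.99"], ["c:\\windows\\temp", "0.00"]],
  "parents": [["services.exe", "99.88"], ["msmpeng.exe", "0.11"]],
  "hashes": [["b868487f8edbd0571d30d89573f087bfeac3da190652344afd351b1868ea0f8b", "65.81"]]
}''')

# Hypothetical mapping: event attribute -> response field of [value, "percent"] pairs.
FIELDS = {"path": "paths", "parent": "parents", "sha256": "hashes"}


def prevalence(pairs, value):
    """Percent for `value` in a [[name, "pct"], ...] list, or None if not listed."""
    for name, pct in pairs:
        if name.lower() == value.lower():
            return float(pct)
    return None


def deviations(insights, event, threshold=1.0):
    """Return (attribute, value, percent_or_None) for each rare or unlisted attribute.

    `threshold` (percent) is a hypothetical cut-off; tune it per environment.
    """
    if not any(field in insights for field in FIELDS.values()):
        # Assumption: a "never observed ... in the wild" response has no prevalence lists.
        return [("process", event.get("name", "?"), None)]
    findings = []
    for attr, field in FIELDS.items():
        if attr not in event:
            continue
        pct = prevalence(insights.get(field, []), event[attr])
        if pct is None or pct < threshold:
            findings.append((attr, event[attr], pct))
    return findings


if __name__ == "__main__":
    # Constructed event: svchost.exe started from a temp directory by Word.
    odd = {"name": "svchost.exe", "path": r"c:\windows\temp",
           "parent": "winword.exe", "sha256": "0" * 64}
    for attr, value, pct in deviations(SAMPLE, odd):
        label = "not listed" if pct is None else f"{pct}%"
        print(f"{attr}: {value} -> {label}")
```

A value that is not listed is only absent from the entries the response returned, so treat a finding as a reason to look closer rather than a verdict.
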
Workflow Library Example

Insights Search with Echotrail and Send Results Via Email