The Windows Process Monitoring dashboard gives an overview of all the commands being run on Windows systems. Some commands are expected and others are not, so understanding the types of applications in use and the commands they run is good practice for cyber hygiene on the network. The presence of unauthorized software, or of staff running commands that would not normally be run, can be a sign that the system has been compromised and that an attacker is using what are called "Living off the Land" techniques to obfuscate what is being done on the network, as many AV tools won't see this as a threat. Some XDR tools can pick up on this activity, but some of it can slip past detection. Some parts of the dashboard only show data for the last 4 hours, as some Windows systems can generate a massive number of events. If a longer search window is needed, it's best to use the event search feature to search the logs over a longer time period.

This page provides the following details.

...