Open
Description
Suggest adding the PID of the process starting the test, and an exit status for the test, for completeness.
This allows the timestamps to scope to a specific parent pid on a specific host, further easing follow-on telemetry analysis.
Tests that report a correct exit status on success or failure can easily indicate state without parsing stdout/stderr.
e.g.:
"steps": [
{
"command": "powershell.exe -File \"T1218010 - Regsvr32 remote COM scriptlet execution\"",
"executor": "POWERSHELL",
"order": 1,
+ "pid": 1234,
+ "exit": 1,
"output": [
{
"content": "File C:\\Users\\User\\Desktop\\AEv1.0 - Administrator-10\\T1218010 - Regsvr32 remote COM scriptlet executio.ps1 cannot be \r\nloaded. The file C:\\Users\\User\\Desktop\\AEv1.0 - Administrator-10\\T1218010 - Regsvr32 remote COM scriptlet executio is not digitally signed. You cannot run this script on the current system. For more information \r\nabout running scripts and setting execution policy, see about_Execution_Policies at \r\nhttps:/go.microsoft.com/fwlink/?LinkID=135170.\r\n + CategoryInfo : SecurityError: (:) [], ParentContainsErrorRecordException\r\n + FullyQualifiedErrorId : UnauthorizedAccess",
"level": "STDERR",
"type": "console"
}
],
"time-start": "2021-10-27T02:02:23.000Z",
"time-stop": "2021-10-27T02:02:25.000Z"
}
]
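How the proposed fields could be consumed during follow-on analysis, as an added example that is not part of the issue or the project's code. It assumes the `pid` and `exit` field names suggested above, that an exit status of 0 means success, and a constructed telemetry record format (`host`, `ppid`, `time`, `image` are hypothetical names).

```python
import json
from datetime import datetime, timedelta

# Constructed report using the field names proposed in the issue ("pid", "exit").
REPORT = json.loads("""
{"steps": [
  {"command": "powershell.exe -File test1.ps1", "order": 1, "pid": 1234, "exit": 1,
   "time-start": "2021-10-27T02:02:23.000Z", "time-stop": "2021-10-27T02:02:25.000Z"},
  {"command": "powershell.exe -File test2.ps1", "order": 2, "pid": 1240, "exit": 0,
   "time-start": "2021-10-27T02:03:00.000Z", "time-stop": "2021-10-27T02:03:04.000Z"}
]}
""")

# Constructed process-creation telemetry; all field names here are assumptions.
EVENTS = [
    {"host": "WS01", "ppid": 1234, "time": "2021-10-27T02:02:24.100Z", "image": "powershell.exe"},
    {"host": "WS01", "ppid": 1234, "time": "2021-10-27T02:09:00.000Z", "image": "cmd.exe"},   # reused PID, outside window
    {"host": "WS02", "ppid": 1234, "time": "2021-10-27T02:02:24.500Z", "image": "calc.exe"},  # same PID, other host
    {"host": "WS01", "ppid": 1240, "time": "2021-10-27T02:03:01.000Z", "image": "regsvr32.exe"},
    {"host": "WS01", "ppid": 999, "time": "2021-10-27T02:03:02.000Z", "image": "svchost.exe"},
]

def parse_ts(value):
    # "%z" accepts the trailing "Z" (UTC) on Python 3.7+.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%f%z")

def correlate(report, events, host, slack=timedelta(seconds=1)):
    """Per step: pass/fail from the exit status alone, plus the events whose
    parent is the step's PID on this host inside the step's time window."""
    results = []
    for step in sorted(report["steps"], key=lambda s: s["order"]):
        start = parse_ts(step["time-start"]) - slack  # slack is an assumed tolerance
        stop = parse_ts(step["time-stop"]) + slack
        children = [e["image"] for e in events
                    if e["host"] == host and e["ppid"] == step.get("pid")
                    and start <= parse_ts(e["time"]) <= stop]
        results.append({"order": step["order"],
                        "passed": step.get("exit") == 0,  # no stdout/stderr parsing
                        "children": children})
    return results

if __name__ == "__main__":
    for row in correlate(REPORT, EVENTS, host="WS01"):
        print(row)
```

Matching on host, parent PID and time window together is what excludes the reused PID and the identical PID on another host.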