From e729aa0e8d2bfcfce332e784c148ec0c5e8c1a9d Mon Sep 17 00:00:00 2001
From: Burak Karaduman <36070747+krdmnbrk@users.noreply.github.com>
Date: Sat, 12 Oct 2024 08:51:42 +0300
Subject: [PATCH] Update Attire-ExecutionLogger.psm1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
“Process ID”, ‘Exit Code’ and ‘Is Timeout’ values have been added to Attire-Logging. The reason for this addition is to easily find the attacks triggered by “Invoke-Atomic” with the detection rules on SIEM.
---
 Public/Attire-ExecutionLogger.psm1 | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/Public/Attire-ExecutionLogger.psm1 b/Public/Attire-ExecutionLogger.psm1
index 4eaf7a2..f0911e0 100644
--- a/Public/Attire-ExecutionLogger.psm1
+++ b/Public/Attire-ExecutionLogger.psm1
@@ -82,6 +82,9 @@ function Write-ExecutionLog($startTime, $stopTime, $technique, $testNum, $testNa
 'time-stop' = $stopTime
 'executor' = $testExecutor
 'command' = $command
+ 'process-id' = $res.ProcessId
+ 'exit-code' = $res.ExitCode
+ 'is-timeout' = $res.IsTimeout
 'output' = @()
 }
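Review bot: The three added keys (`'process-id'`, `'exit-code'`, `'is-timeout'`) read properties of `$res` with no comment on what they mean and no handling for a missing result; `$res` is not defined inside the hunk and the Write-ExecutionLog signature is truncated in the hunk header, so it is presumably a parameter. If `$res` is ever null or lacks these properties, the log will carry null values, and a SIEM rule that joins on the PID will miss that test without any error. A PID is only meaningful together with the host and the `time-start`/`time-stop` window, and it presumably identifies the executor process rather than any children it spawns, so I would add a comment above the new lines such as `# PID/exit code of the executor process for this test; correlate with target host and time window, child processes have their own PIDs`. It would also help to note there that `'exit-code'` should not be relied on when `'is-timeout'` is true. The function body starts and ends outside the hunk, so how `$res` is populated could not be checked here.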