Windows Processes


Windows Processes, Services, and Apps are core components of the Windows operating system that manage system functionality and user interaction.

Processes are instances of running programs that include executable code and system resources. They are fundamental to application execution and system operations.

Services are background processes designed to perform system-level tasks without user interaction. They often start automatically and support essential functions like networking, security, and updates.

Apps are user-facing programs that provide interactive functionality. They can be traditional desktop applications or modern Universal Windows Platform (UWP) apps, each running one or more processes.

The Windows Processes feed includes process, service, and application information from the Windows machine. It includes all necessary fields; for more information about the events, refer to the documents for processes, services, and apps.

Integration Method: Data Collector (Dynamic Ingest)
Tables: Software Inventory Info (5020), Process Query (5015), Service Query (5016)

This integration supports the following events.

  Events       Description
  Processes    Get the list of Processes
  Services     Get the list of Services
  Apps         Get the list of apps, including UWP apps

Prerequisites

  • Access to the DataBee console.

  • An Active Directory Domain Services (AD DS) server

  • Install Windows Data collector with access to the console

    • PowerShell version 7 or later

    • Windows Server WS 2022 LTSC (Standard Edition) x86_64 (64 bit)

Configuration Overview

  1. Configuring Data Collector

  2. Change the Redpanda Connect service User

  3. Add Windows Processes feed in Databee.

Configuring Data Collector

In order to receive logs from the Windows AD Server, a Data Collector must be installed and configured. The Data Collector receives logs from the Windows AD Server and sends them, encrypted, to DataBee.

  1. Login to the DataBee UI, click on the settings icon at the top right corner of the UI and from the dropdown menu, select System.
     

  2. From the left sidebar, select Data Collectors. The page will display all the data collectors configured until now.
     

  3. To create a new data collector, scroll to the bottom of the page and click Add Data Collector.
     

  4. Fill in the required fields to add data collector:

    • Collector Name: Enter the name of your Data Collector.

    • OS: Select Windows option.

    • Click Next to proceed to the next step. The Installation Steps window will appear.
       

  5. Copy the following details using Copy to Clipboard for later use, then click on Close.

    • Install Script

    • Tenant ID

    • Receiver URL

    • Collector ID

    • API Key
       

Note: If you haven’t copied the details mentioned above, you can view them by navigating to Data Collector → selecting the Data Collector you created → Installation Steps.
From there, you can also edit basic information about the Data Collector if needed.


Change the Redpanda Connect service User

After successfully installing the Data Collector, update the Redpanda Connect service account to allow fetching Active Directory registered machine information.

Search > Services > Redpanda Connect (Right click) > Properties > Log On

  1. Search for Services and open the application.

  2. Inside Services, find and select the Redpanda Connect service. Right-click it and select Properties.
     

  3. Inside the Redpanda Connect Service Properties dialog, click the Log On tab.
     

  4. Change the account from Local System to an Active Directory Administrator user account.

    1. Click the This account radio button and click Browse to locate the AD Administrator user.
       

    2. Click Find Now and select the AD Administrator user.
       

    3. After selecting the user, click OK.
       

  5. After selecting the Active Directory Administrator account, enter the password and apply the changes to update the Redpanda Connect service.
     

DataBee Configuration

  1. Navigate to DataBee > Data > Data Feeds and click the Add New Data Feed button.
     

  2. Search for Windows Processes and click it.
     

  3. Click the Data Collector > Dynamic Ingest option.
     

  4. Enter the feed contact information, select the Collector you created, and click Next.

  5. Configure the data feed and click Submit.

    1. Event Types: select the event types you want to fetch.

    2. Authorization Method: select Windows Authentication.

    3. Limit (optional): enter the limit for pagination.

Troubleshooting Tips

  • If data from machines connected to the AD server cannot be ingested, check the service user configuration.

  • Check the Redpanda Connect logs in data collector (C:\Program Files\Comcast Databee Collector\logs\services\redpanda-connect)
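The two checks above can be run together from the Data Collector host. The following PowerShell snippet is an added example, not part of the DataBee documentation; it assumes the service's display name is "Redpanda Connect" and uses the log directory named above.

```powershell
# Added example (not from the DataBee docs): verify the Redpanda Connect service
# Log On account and show the newest collector log entries.
# Assumptions: the service display name is 'Redpanda Connect' and the log
# directory is the one listed in the troubleshooting tips.
$displayName = 'Redpanda Connect'
$logDir = 'C:\Program Files\Comcast Databee Collector\logs\services\redpanda-connect'

$svc = Get-CimInstance -ClassName Win32_Service -Filter "DisplayName = '$displayName'"
if (-not $svc) {
    Write-Warning "Service '$displayName' not found; check that the Data Collector is installed."
    return
}

Write-Host "Service : $($svc.Name)  State: $($svc.State)  StartMode: $($svc.StartMode)"
Write-Host "Log On  : $($svc.StartName)"

# The feed cannot query AD-registered machines while the service runs as a
# built-in account; the Log On account must be a domain account
# (DOMAIN\user or user@domain), as configured under Properties > Log On.
$builtIn = @('LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService')
if ($svc.StartName -in $builtIn) {
    Write-Warning 'Service still runs as a built-in account; set the domain account under Properties > Log On.'
} elseif ($svc.StartName -match '^\.\\' -or $svc.StartName -notmatch '\\|@') {
    Write-Warning "Log On account '$($svc.StartName)' is a local account, not a domain account."
} else {
    Write-Host 'Log On account is a domain account.'
}

# Show the most recent log file and its last lines for error hints.
if (Test-Path -Path $logDir) {
    $latest = Get-ChildItem -Path $logDir -File |
        Sort-Object -Property LastWriteTime -Descending |
        Select-Object -First 1
    if ($latest) {
        Write-Host "Newest log: $($latest.FullName) ($($latest.LastWriteTime))"
        Get-Content -Path $latest.FullName -Tail 20
    } else {
        Write-Warning "No log files found in $logDir"
    }
} else {
    Write-Warning "Log directory not found: $logDir"
}
```

Run it in an elevated PowerShell 7 session on the collector host after changing the service account and restarting the service.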