From 490d760a4bfb7ac9bfcc40856e0e4abcda211f8e Mon Sep 17 00:00:00 2001
From: molley
Date: Tue, 2 Apr 2019 17:41:07 +0100
Subject: [PATCH] Added current-directory to required field

This field will often indicate where a malicious binary is started from, therefore a good candidate for solo use
---
 objects/process/definition.json | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/objects/process/definition.json b/objects/process/definition.json
index e0420ee..25d1add 100644
--- a/objects/process/definition.json
+++ b/objects/process/definition.json
@@ -3,7 +3,7 @@
 "uuid": "02aeef94-ac23-455c-addb-731757ceafb5",
 "meta-category": "misc",
 "description": "Object describing a system process.",
- "version": 3,
+ "version": 4,
 "attributes": {
 "creation-time": {
 "description": "Local date/time at which the process was created.",
@@ -91,6 +91,7 @@
 "name",
 "pid",
 "image",
- "command-line"
+ "command-line",
+ "current-directory"
 ]
 }
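Review bot: Adding `"current-directory"` to the list in the second hunk allows a process object that carries nothing but a working-directory path. Such a value (a temp or downloads folder, for example) is shared by many unrelated benign processes, so on its own it is a low-fidelity indicator. The key that names this list and the `current-directory` attribute definition both sit outside the hunk, so this assumes the list is the template's one-of requirement and that the attribute is currently allowed to correlate. If that holds, consider setting `"disable_correlation": true` on the `current-directory` attribute so that solo objects do not link unrelated events through a common directory. The commit subject says "required field" while the body describes solo use; stating which of the two the list enforces would help reviewers of the template.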