Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
On network devices, Network Device CLI commands such as show processes can be used to display current running processes.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.