diff --git a/atomics/Indexes/Indexes-CSV/index.csv b/atomics/Indexes/Indexes-CSV/index.csv
index 4dbe8fde..c617160d 100644
--- a/atomics/Indexes/Indexes-CSV/index.csv
+++ b/atomics/Indexes/Indexes-CSV/index.csv
@@ -863,6 +863,9 @@ discovery,T1201,Password Policy Discovery,9,Enumerate Active Directory Password
 discovery,T1120,Peripheral Device Discovery,1,Win32_PnPEntity Hardware Inventory,2cb4dbf2-2dca-4597-8678-4d39d207a3a5,powershell
 discovery,T1057,Process Discovery,1,Process Discovery - ps,4ff64f0b-aaf2-4866-b39d-38d9791407cc,sh
 discovery,T1057,Process Discovery,2,Process Discovery - tasklist,c5806a4f-62b8-4900-980b-c7ec004e9908,command_prompt
+discovery,T1057,Process Discovery,3,Process Discovery - Get-Process,3b3809b6-a54b-4f5b-8aff-cb51f2e97b34,powershell
+discovery,T1057,Process Discovery,4,Process Discovery - get-wmiObject,b51239b4-0129-474f-a2b4-70f855b9f2c2,powershell
+discovery,T1057,Process Discovery,5,Process Discovery - wmic process,640cbf6d-659b-498b-ba53-f6dd1a1cc02c,command_prompt
 discovery,T1012,Query Registry,1,Query Registry,8f7578c4-9863-4d83-875c-a565573bbdf0,command_prompt
 discovery,T1018,Remote System Discovery,1,Remote System Discovery - net,85321a9c-897f-4a60-9f20-29788e50bccd,command_prompt
 discovery,T1018,Remote System Discovery,2,Remote System Discovery - net group Domain Computers,f1bf6c8f-9016-4edf-aff9-80b65f5d711f,command_prompt
diff --git a/atomics/Indexes/Indexes-CSV/windows-index.csv b/atomics/Indexes/Indexes-CSV/windows-index.csv
index 5b5eadf1..0f3cc867 100644
--- a/atomics/Indexes/Indexes-CSV/windows-index.csv
+++ b/atomics/Indexes/Indexes-CSV/windows-index.csv
@@ -584,6 +584,9 @@ discovery,T1201,Password Policy Discovery,8,Get-DomainPolicy with PowerView,3177
 discovery,T1201,Password Policy Discovery,9,Enumerate Active Directory Password Policy with get-addefaultdomainpasswordpolicy,b2698b33-984c-4a1c-93bb-e4ba72a0babb,powershell
 discovery,T1120,Peripheral Device Discovery,1,Win32_PnPEntity Hardware Inventory,2cb4dbf2-2dca-4597-8678-4d39d207a3a5,powershell
 discovery,T1057,Process Discovery,2,Process Discovery - tasklist,c5806a4f-62b8-4900-980b-c7ec004e9908,command_prompt
+discovery,T1057,Process Discovery,3,Process Discovery - Get-Process,3b3809b6-a54b-4f5b-8aff-cb51f2e97b34,powershell
+discovery,T1057,Process Discovery,4,Process Discovery - get-wmiObject,b51239b4-0129-474f-a2b4-70f855b9f2c2,powershell
+discovery,T1057,Process Discovery,5,Process Discovery - wmic process,640cbf6d-659b-498b-ba53-f6dd1a1cc02c,command_prompt
 discovery,T1012,Query Registry,1,Query Registry,8f7578c4-9863-4d83-875c-a565573bbdf0,command_prompt
 discovery,T1018,Remote System Discovery,1,Remote System Discovery - net,85321a9c-897f-4a60-9f20-29788e50bccd,command_prompt
 discovery,T1018,Remote System Discovery,2,Remote System Discovery - net group Domain Computers,f1bf6c8f-9016-4edf-aff9-80b65f5d711f,command_prompt
diff --git a/atomics/Indexes/Indexes-Markdown/index.md b/atomics/Indexes/Indexes-Markdown/index.md
index f94c7bc5..b2590017 100644
--- a/atomics/Indexes/Indexes-Markdown/index.md
+++ b/atomics/Indexes/Indexes-Markdown/index.md
@@ -1378,6 +1378,9 @@
 - [T1057 Process Discovery](../../T1057/T1057.md)
 - Atomic Test #1: Process Discovery - ps [macos, linux]
 - Atomic Test #2: Process Discovery - tasklist [windows]
+ - Atomic Test #3: Process Discovery - Get-Process [windows]
+ - Atomic Test #4: Process Discovery - get-wmiObject [windows]
+ - Atomic Test #5: Process Discovery - wmic process [windows]
 - [T1012 Query Registry](../../T1012/T1012.md)
 - Atomic Test #1: Query Registry [windows]
 - [T1018 Remote System Discovery](../../T1018/T1018.md)
diff --git a/atomics/Indexes/Indexes-Markdown/windows-index.md b/atomics/Indexes/Indexes-Markdown/windows-index.md
index b500a3c2..e82acf47 100644
--- a/atomics/Indexes/Indexes-Markdown/windows-index.md
+++ b/atomics/Indexes/Indexes-Markdown/windows-index.md
@@ -980,6 +980,9 @@
 - T1069 Permission Groups Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1057 Process Discovery](../../T1057/T1057.md)
 - Atomic Test #2: Process Discovery - tasklist [windows]
+ - Atomic Test #3: Process Discovery - Get-Process [windows]
+ - Atomic Test #4: Process Discovery - get-wmiObject [windows]
+ - Atomic Test #5: Process Discovery - wmic process [windows]
 - [T1012 Query Registry](../../T1012/T1012.md)
 - Atomic Test #1: Query Registry [windows]
 - [T1018 Remote System Discovery](../../T1018/T1018.md)
diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index def15a93..8ec9b797 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -57394,6 +57394,42 @@ discovery:
 executor:
 command: 'tasklist
+'
+ name: command_prompt
+ - name: Process Discovery - Get-Process
+ auto_generated_guid: 3b3809b6-a54b-4f5b-8aff-cb51f2e97b34
+ description: "Utilize Get-Process PowerShell cmdlet to identify processes.\n\nUpon
+ successful execution, powershell.exe will execute Get-Process to list processes.
+ Output will be via stdout. \n"
+ supported_platforms:
+ - windows
+ executor:
+ command: 'Get-Process
+
+'
+ name: powershell
+ - name: Process Discovery - get-wmiObject
+ auto_generated_guid: b51239b4-0129-474f-a2b4-70f855b9f2c2
+ description: "Utilize get-wmiObject PowerShell cmdlet to identify processes.\n\nUpon
+ successful execution, powershell.exe will execute get-wmiObject to list processes.
+ Output will be via stdout. \n"
+ supported_platforms:
+ - windows
+ executor:
+ command: 'get-wmiObject -class Win32_Process
+
+'
+ name: powershell
+ - name: Process Discovery - wmic process
+ auto_generated_guid: 640cbf6d-659b-498b-ba53-f6dd1a1cc02c
+ description: "Utilize windows management instrumentation to identify processes.\n\nUpon
+ successful execution, WMIC will execute process to list processes. Output
+ will be via stdout. \n"
+ supported_platforms:
+ - windows
+ executor:
+ command: 'wmic process get /format:list
+
 '
 name: command_prompt
 T1012:
diff --git a/atomics/T1057/T1057.md b/atomics/T1057/T1057.md
index 68e6c297..96b72803 100644
--- a/atomics/T1057/T1057.md
+++ b/atomics/T1057/T1057.md
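Review bot: The description of the new `Process Discovery - wmic process` entry does not mention that WMIC is a deprecated component that may be absent on recent Windows 11 installations, so `wmic process get /format:list` can fail with a command-not-found error instead of exercising the technique, and a tester reading only this file has no way to tell a broken host from a blocked command. The description should carry the limitation, e.g. `WMIC is deprecated and may not be installed on current Windows 11 releases; in that case the test fails without producing process output.` This file under atomics/Indexes appears to be auto-generated from the per-technique YAML, so the wording presumably belongs in the T1057 source definition and should be regenerated into this index, T1057.md and the CSV/Markdown indexes touched by this commit rather than edited here.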
@@ -10,6 +10,12 @@ In Windows environments, adversaries could obtain details on running processes u
 - [Atomic Test #2 - Process Discovery - tasklist](#atomic-test-2---process-discovery---tasklist)
+- [Atomic Test #3 - Process Discovery - Get-Process](#atomic-test-3---process-discovery---get-process)
+
+- [Atomic Test #4 - Process Discovery - get-wmiObject](#atomic-test-4---process-discovery---get-wmiobject)
+
+- [Atomic Test #5 - Process Discovery - wmic process](#atomic-test-5---process-discovery---wmic-process)
+
@@ -80,4 +86,94 @@ tasklist
+
+
+
+## Atomic Test #3 - Process Discovery - Get-Process
+Utilize Get-Process PowerShell cmdlet to identify processes.
+
+Upon successful execution, powershell.exe will execute Get-Process to list processes. Output will be via stdout.
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** 3b3809b6-a54b-4f5b-8aff-cb51f2e97b34
+
+
+
+
+
+#### Attack Commands: Run with `powershell`!
+
+
+```powershell
+Get-Process
+```
+
+
+
+
+
+
+
+
+## Atomic Test #4 - Process Discovery - get-wmiObject
+Utilize get-wmiObject PowerShell cmdlet to identify processes.
+
+Upon successful execution, powershell.exe will execute get-wmiObject to list processes. Output will be via stdout.
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** b51239b4-0129-474f-a2b4-70f855b9f2c2
+
+
+
+
+
+#### Attack Commands: Run with `powershell`!
+
+
+```powershell
+get-wmiObject -class Win32_Process
+```
+
+
+
+
+
+
+
+
+## Atomic Test #5 - Process Discovery - wmic process
+Utilize windows management instrumentation to identify processes.
+
+Upon successful execution, WMIC will execute process to list processes. Output will be via stdout.
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** 640cbf6d-659b-498b-ba53-f6dd1a1cc02c
+
+
+
+
+
+#### Attack Commands: Run with `command_prompt`!
+
+
+```cmd
+wmic process get /format:list
+```
+
+
+
+
+