Administrators may use the tasklist command to display a list of currently running processes. By itself, it does not indicate malicious activity. After obtaining a foothold, adversaries may use discovery commands like tasklist to get information about running processes.

Techniques

Sample rules

Process Discovery via Tasklist

Description

Adversaries may attempt to get information about running processes on a system.

Detection logic

event.category:process and event.type:(start or process_started) and process.name:tasklist.exe
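The rule above applied to constructed ECS-style events, as an added example that is not from the LoFP page or from any vendor's rule set; the nested document layout, the sample events and the helper names are assumptions. It shows that the rule fires on the administrator's interactive use just as it does on the post-foothold case, so the parent process and user are what an analyst has to pivot on.

```python
# Added example: evaluate the KQL rule
#   event.category:process and event.type:(start or process_started)
#   and process.name:tasklist.exe
# over constructed ECS-style events (nested dicts, not real telemetry).

def get_field(event, dotted):
    """Resolve a dotted ECS field name such as 'process.name' against a nested dict."""
    cur = event
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur

def as_set(value):
    """ECS fields like event.type may hold one value or a list; normalise to a set."""
    if value is None:
        return set()
    return set(value) if isinstance(value, list) else {value}

def matches_tasklist_rule(event):
    """Exact keyword matching, as KQL does on keyword-mapped fields."""
    return (
        "process" in as_set(get_field(event, "event.category"))
        and bool(as_set(get_field(event, "event.type")) & {"start", "process_started"})
        and get_field(event, "process.name") == "tasklist.exe"
    )

def run_rule(events):
    """Return (event id, parent process, user) for every event the rule alerts on."""
    return [
        (e["id"], get_field(e, "process.parent.name"), get_field(e, "user.name"))
        for e in events if matches_tasklist_rule(e)
    ]

# Constructed sample events (assumed field values, not captured data).
SAMPLE_EVENTS = [
    {"id": 1, "event": {"category": ["process"], "type": ["start"]},
     "process": {"name": "tasklist.exe", "parent": {"name": "cmd.exe"}},
     "user": {"name": "helpdesk-admin"}},          # benign admin use: still alerts
    {"id": 2, "event": {"category": "process", "type": "process_started"},
     "process": {"name": "tasklist.exe", "parent": {"name": "unknown-svc.exe"}},
     "user": {"name": "jdoe"}},                    # same rule hit, different context
    {"id": 3, "event": {"category": ["process"], "type": ["end"]},
     "process": {"name": "tasklist.exe"}},         # process end, not a start
    {"id": 4, "event": {"category": ["process"], "type": ["start"]},
     "process": {"name": "notepad.exe"}},          # different binary
]

if __name__ == "__main__":
    for hit in run_rule(SAMPLE_EVENTS):
        print(hit)
```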