Hello Abdale thanks for using wazuh!
You can use Sysmon to detect process creation. Sysmon is a command line tool which allows us to monitor and track processes taking place in our computers. With the right configuration, suspicious behaviors can be detected by Sysmon and the detailed information will be stored in the generated log.
For more information I recommend reading our blog about how to integrate it with wazuh and how to configure it.
Best regards
Nicolás