osquery-defense-kit/incident_response/open_sockets.sql


2022-10-19 20:56:43 +00:00
-- Retrieves the open sockets per process on the target system, limited to
-- rows that carry either a socket path or a remote address.
--
-- Rows where both path and remote_address are empty are dropped by the WHERE
-- clause, so the result is not a complete socket inventory.
-- NOTE(review): whether listening sockets fall into that dropped set depends
-- on how the platform reports remote_address; confirm before relying on this
-- query to enumerate listeners.
-- The result reflects only the sockets open when the query runs; connections
-- closed earlier do not appear.
--
-- tags: postmortem
-- platform: posix
SELECT DISTINCT
    -- Owning process id, for correlating each row with process details.
    pid,
    family,
    protocol,
    local_address,
    local_port,
    remote_address,
    remote_port,
    -- Populated for sockets that have a filesystem path.
    path
-- DISTINCT collapses rows that are identical in the selected columns.
FROM process_open_sockets
WHERE
    -- Keep a row when at least one of the two identifying fields is set.
    path <> ''
    OR remote_address <> '';