-- Retrieves all the open sockets per process in the target system.
--
-- tags: postmortem
-- platform: posix
SELECT DISTINCT
    -- The column list leaves out any per-descriptor detail, so DISTINCT folds
    -- rows that are identical on these eight columns into a single row.
    pid,
    family,
    protocol,
    local_address,
    local_port,
    remote_address,
    remote_port,
    path -- socket path; per the osquery schema this is set for UNIX domain sockets
FROM
    process_open_sockets
WHERE
    -- A row is kept when it carries a socket path or a remote address. Rows
    -- where both are empty strings are filtered out, so the result is a subset
    -- of what the table reports rather than every socket.
    -- NOTE(review): this is a point-in-time snapshot and pid is only meaningful
    -- at collection time; pair it with process data gathered in the same run.
    path <> ''
    OR remote_address <> '';