RepoMirrors/osquery-defense-kit
1
0
Fork 0
mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2024-12-13 09:34:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
092bdfe5a3
osquery-defense-kit/net/unexpected-icmp-socket.sql

8 lines
191 B
MySQL
Raw Normal View History

More tuning, more scripts
2022-09-11 19:07:54 +00:00
SELECT pop.pid,
p.path,
p.cmdline
FROM process_open_sockets pop
JOIN processes p ON pop.pid = p.pid
WHERE family = 2 -- PF_INET
AND protocol = 1 -- ICMP
AND p.name NOT IN ('ping')
Reference in New Issue Copy Permalink