mirror of
https://github.com/chainguard-dev/osquery-defense-kit
synced 2025-01-27 15:52:52 +00:00
-- Snapshot of sockets per process, keeping only rows that carry either a socket
-- path or a remote peer address. Rows with both fields blank are dropped, so
-- this is not every open socket on the host.
--
-- interval: 86400
-- platform: posix
-- value: Identify malware via connections to known bad IP addresses as well as odd local or remote port bindings
-- version: 1.4.5
select distinct
  -- distinct collapses rows identical on every selected column (presumably
  -- several descriptors on the same endpoint; fd is deliberately not selected)
  pid
  , family
  , protocol
  , local_address
  , local_port
  , remote_address
  , remote_port
  -- socket path; blank when the socket has none (the where clause tests for this)
  , path
from
  process_open_sockets
where
  -- Equivalent to: path <> '' or remote_address <> ''. The only rows excluded are
  -- those with neither a path nor a peer.
  -- NOTE(review): this assumes osquery reports an unset column as '' rather than
  -- NULL; a NULL in either column makes the predicate UNKNOWN and the row is
  -- silently dropped -- confirm before relying on it to surface listeners.
  -- The known-bad-address match described in "value" is not performed here;
  -- it has to be applied by whatever consumes these results.
  not (
    path = ''
    and remote_address = ''
  );