mirror of
https://github.com/chainguard-dev/osquery-defense-kit
synced 2024-12-10 16:14:40 +00:00
8 lines
191 B
SQL
8 lines
191 B
SQL
SELECT pop.pid,
|
|
p.path,
|
|
p.cmdline
|
|
FROM process_open_sockets pop
|
|
JOIN processes p ON pop.pid = p.pid
|
|
WHERE family = 2 -- PF_INET
|
|
AND protocol = 1 -- ICMP
|
|
AND p.name NOT IN ('ping') |