mirror of
https://github.com/chainguard-dev/osquery-defense-kit
synced 2024-12-09 07:38:44 +00:00
14 lines
295 B
SQL
14 lines
295 B
SQL
SELECT pop.pid,
|
|
p.path,
|
|
p.cmdline,
|
|
p.name, hash.sha256
|
|
FROM process_open_sockets pop
|
|
JOIN processes p ON pop.pid = p.pid
|
|
JOIN hash ON p.path = hash.path
|
|
WHERE family = 17 -- PF_PACKET
|
|
AND name NOT IN (
|
|
'wpa_supplicant',
|
|
'NetworkManager',
|
|
'dhcpcd',
|
|
'tcpdump'
|
|
) |