mirror of
https://github.com/chainguard-dev/osquery-defense-kit
-- Retrieves the open sockets held by each process, skipping rows that have
-- neither a socket path nor a remote address.
--
-- Rows identify the owning process by pid only. Presumably the result is meant
-- to be read next to a process listing taken in the same collection run, since
-- a bare pid no longer identifies a program once the process has exited
-- (TODO confirm against how the postmortem queries are consumed).
--
-- tags: postmortem
-- platform: posix
SELECT DISTINCT
    -- DISTINCT collapses rows that are identical across the columns below.
    pid,
    family,
    protocol,
    local_address,
    local_port,
    remote_address,
    remote_port,
    path
FROM
    process_open_sockets
WHERE
    -- Keep a row when it carries a socket path or a remote address;
    -- rows where both are empty strings are dropped.
    path <> ''
    OR remote_address <> '';