RepoMirrors
/
osquery-defense-kit
mirror of https://github.com/chainguard-dev/osquery-defense-kit
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
osquery-defense-kit/incident_response/process-files.sql

13 lines
401 B
SQL
Raw Blame History

-- Returns information about running processes(non-hidden only)
--
-- tags: postmortem
-- platform: linux
SELECT GROUP_CONCAT(processes.pid) AS processes,
GROUP_CONCAT(processes.name) AS names,
file.*, hash.sha256,
magic.data
FROM processes
LEFT JOIN file ON processes.path = file.path
LEFT JOIN hash ON processes.path = hash.path
LEFT JOIN magic ON processes.path = magic.path
GROUP BY processes.path
Reference in New Issue View Git Blame Copy Permalink