osquery-defense-kit/process_memory_map.sql at c04901d50a32ac70b9d97b6b356a36702be8cbf6 - osquery-defense-kit - RedXen Git

RepoMirrors/osquery-defense-kit

mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-02-19 19:26:55 +00:00

Thomas Stromberg 4d626923cd

Add many new incident response queries

2023-02-23 09:35:38 -05:00

17 lines

248 B

SQL

Raw Blame History

 -- Retrieves the memory map per process
 -- platform: posix
 -- tags: postmortem
 SELECT pid,
   permissions,
   offset,
   inode,
   path,
   pseudo
 FROM process_memory_map
 WHERE path != ""
 GROUP BY pid,
   permissions,
   offset,
   inode,
   path,
   pseudo;