RepoMirrors/osquery-defense-kit
1
0
Fork 0
mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-02-05 20:21:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
dea818239f
osquery-defense-kit/process/hidden-cwd.sql
Thomas Stromberg dea818239f
More scripts
2022-09-09 10:16:28 -04:00

20 lines
403 B
SQL
Raw Blame History

SELECT p.pid,
p.path,
p.name,
p.cmdline,
p.cwd,
p.euid,
p.parent,
pp.path AS parent_path,
pp.name AS parent_name,
pp.cmdline AS parent_cmdline,
pp.euid AS parent_euid
FROM processes p
JOIN processes pp ON p.parent = pp.pid
WHERE
p.cwd LIKE "%/.%" AND NOT (
p.cwd LIKE "%/.local/share%" OR
p.cwd LIKE "%/.vscode/extensions%" OR
p.name = 'bindfs'
)
Reference in New Issue View Git Blame Copy Permalink