Retrieves the list of the latest logins with PID, username and timestamp.
Useful for intrusion detection and incident response. Verify assumptions of what accounts should be accessing what systems and identify machines accessed during a compromise.
Query:
select * from last;
Additional Query Info:
Version: 1.4.5
Platform: posix
Interval: 3600
JSON:
{
  "queries": {
    "last": {
      "query" : "select * from last;",
      "interval" : "3600",
      "platform" : "posix",
      "version": "1.4.5",
      "description" : "Retrieves the list of the latest logins with PID, username and timestamp.",
      "value" : "Useful for intrusion detection and incident response. Verify assumptions of what accounts should be accessing what systems and identify machines accessed during a compromise."
    }
  }
}