last

Name: last
Retrieves the list of the latest logins with PID, username and timestamp.: Useful for intrusion detection and incident response. Verify assumptions of what accounts should be accessing what systems and identify machines accessed during a compromise.

Query:
select * from last;
Additional Query Info:
Version: 1.4.5
Platform: posix
Interval: 3600

JSON:
{
  "queries": {
    "last": {
      "query" : "select * from last;",
      "interval" : "3600",
      "platform" : "posix",
      "version": "1.4.5",
      "description" : "Retrieves the list of the latest logins with PID, username and timestamp.",
      "value" : "Useful for intrusion detection and incident response. Verify assumptions of what accounts should be accessing what systems and identify machines accessed during a compromise."
    }
  }
}

You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com