logged_in_users

Name: logged_in_users
Retrieves the list of all the currently logged in users in the target system.: Useful for intrusion detection and incident response. Verify assumptions of what accounts should be accessing what systems and identify machines accessed during a compromise.

Query:
select liu.*, p.name, p.cmdline, p.cwd, p.root from logged_in_users liu, processes p where liu.pid = p.pid;
Additional Query Info:
Version: 1.4.5
Platform: posix
Interval: 3600

JSON:
{
  "queries": {
    "logged_in_users": {
      "query" : "select liu.*, p.name, p.cmdline, p.cwd, p.root from logged_in_users liu, processes p where liu.pid = p.pid;",
      "interval" : "3600",
      "platform" : "posix",
      "version": "1.4.5",
      "description" : "Retrieves the list of all the currently logged in users in the target system.",
      "value" : "Useful for intrusion detection and incident response. Verify assumptions of what accounts should be accessing what systems and identify machines accessed during a compromise."
    }
  }
}

You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com