Retrieves all the open files per process in the target system: Identify processes accessing sensitive files they shouldn't
Query:
select distinct pid, path
from process_open_files
where path not like '/private/var/folders%'
  and path not like '/System/Library/%'
  and path not in ('/dev/null', '/dev/urandom', '/dev/random');
Additional Query Info:
Version: 1.4.5
Platform: posix
Interval: 86400
JSON:
{ "queries": { "open_files": { "query" : "select distinct pid, path from process_open_files where path not like '/private/var/folders%' and path not like '/System/Library/%' and path not in ('/dev/null', '/dev/urandom', '/dev/random');", "interval" : "86400", "platform" : "posix", "version": "1.4.5", "description" : "Retrieves all the open files per process in the target system.", "value" : "Identify processes accessing sensitive files they shouldn't" } } }