Retrieves all the open sockets per process in the target system.
Value: Identify malware via connections to known bad IP addresses as well as odd local or remote port bindings
Query:
select distinct pid, family, protocol, local_address, local_port, remote_address, remote_port, path from process_open_sockets where path <> '' or remote_address <> '';
Additional Query Info:
Version: 1.4.5
Platform: posix
Interval: 86400
JSON:
{
  "queries": {
    "open_sockets": {
      "query" : "select distinct pid, family, protocol, local_address, local_port, remote_address, remote_port, path from process_open_sockets where path <> '' or remote_address <> '';",
      "interval" : "86400",
      "platform" : "posix",
      "version": "1.4.5",
      "description" : "Retrieves all the open sockets per process in the target system.",
      "value" : "Identify malware via connections to known bad IP addresses as well as odd local or remote port bindings"
    }
  }
}