open_sockets

Name: open_sockets
Retrieves all the open sockets per process in the target system.: Identify malware via connections to known bad IP addresses as well as odd local or remote port bindings

Query:
select distinct pid, family, protocol, local_address, local_port, remote_address, remote_port, path from process_open_sockets where path  '' or remote_address  '';
Additional Query Info:
Version: 1.4.5
Platform: posix
Interval: 86400

JSON:
{
  "queries": {
    "open_sockets": {
      "query" : "select distinct pid, family, protocol, local_address, local_port, remote_address, remote_port, path from process_open_sockets where path  '' or remote_address  '';",
      "interval" : "86400",
      "platform" : "posix",
      "version": "1.4.5",
      "description" : "Retrieves all the open sockets per process in the target system.",
      "value" : "Identify malware via connections to known bad IP addresses as well as odd local or remote port bindings"
    }
  }
}

You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com