System Network Connections Discovery¶
Adversaries may attempt to get a listing of network connections to or from a compromised system.
id: | df696af0-8d3f-4557-8278-d10f40ba7c07 |
---|---|
categories: | enrich |
confidence: | low |
os: | macos, linux |
created: | 7/26/2019 |
updated: | 7/26/2019 |
Query¶
process where subtype.create and
process_name in ("netstat", "lsof", "who", "w")
| unique command_line