System Network Connections Discovery

Adversaries may attempt to get a listing of network connections to or from a compromised system.

id: df696af0-8d3f-4557-8278-d10f40ba7c07
categories: enrich
confidence: low
os: macos, linux
created: 7/26/2019
updated: 7/26/2019

MITRE ATT&CK™ Mapping

tactics: Discovery
techniques: T1049 System Network Connections Discovery

Query

process where subtype.create and
  process_name in ("netstat", "lsof", "who", "w")
| unique command_line
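
The query's filter and its `unique command_line` pipe, emulated in Python over constructed process events so the output can be inspected offline. This is an added example, not part of the original analytic; the `event_type` and `pid` fields, the sample events, and the exact-match name comparison are assumptions.

```python
# Added example: emulates the EQL query above. Not the analytic's own code.
# Assumption: events are dicts with event_type/subtype/process_name/command_line.
# Assumption: process_name is compared by exact match (a simplification).

WATCHED = {"netstat", "lsof", "who", "w"}

# Constructed process events (not real telemetry).
EVENTS = [
    {"event_type": "process", "subtype": "create", "pid": 4101,
     "process_name": "netstat", "command_line": "netstat -an"},
    {"event_type": "process", "subtype": "create", "pid": 4102,
     "process_name": "ls", "command_line": "ls -la"},            # name not watched
    {"event_type": "process", "subtype": "create", "pid": 4103,
     "process_name": "netstat", "command_line": "netstat -an"},  # duplicate command line
    {"event_type": "process", "subtype": "terminate", "pid": 4104,
     "process_name": "netstat", "command_line": "netstat -rn"},  # not a creation
    {"event_type": "process", "subtype": "create", "pid": 4105,
     "process_name": "lsof", "command_line": "lsof -i -P"},
    {"event_type": "process", "subtype": "create", "pid": 4106,
     "process_name": "who", "command_line": "who"},
    {"event_type": "network", "subtype": "outgoing", "pid": 4105,
     "process_name": "lsof", "command_line": "lsof -i -P"},      # not a process event
    {"event_type": "process", "subtype": "create", "pid": 4107,
     "process_name": "w", "command_line": "w"},
]


def network_connection_discovery(events, watched=WATCHED):
    """Return the first process-creation event for each distinct command line."""
    seen = set()
    hits = []
    for ev in events:
        # "process where subtype.create"
        if ev.get("event_type") != "process" or ev.get("subtype") != "create":
            continue
        # process_name in ("netstat", "lsof", "who", "w")
        if ev.get("process_name") not in watched:
            continue
        # "| unique command_line": keep only the first event per command line
        cmd = ev.get("command_line")
        if cmd in seen:
            continue
        seen.add(cmd)
        hits.append(ev)
    return hits


if __name__ == "__main__":
    for hit in network_connection_discovery(EVENTS):
        print(hit["pid"], hit["command_line"])
```

Because the pipe deduplicates on the full command line, a repeated `netstat -an` yields one row while `netstat -an` and `netstat -rn` would be reported separately.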

Contributors