Discovery of Network Environment via Built-in Tools
Built-in tools can be used to enumerate and discover the network environment on Unix systems.
| id: | fd7a0c56-60fa-4f14-8c8e-0e41ad955725 |
|---|---|
| categories: | enrich |
| confidence: | low |
| os: | macos, linux |
| created: | 7/26/2019 |
| updated: | 7/26/2019 |
Query
```eql
process where subtype.create and (
  process_name in ("ifconfig", "arp", "networkctl", "netstat", "route", "ntop") or (
    process_name in ('cat', 'more', 'less', 'vim', 'vi', 'nano', 'gedit') and
    command_line == "* /etc/hosts*"
  )
)
```
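The query's logic re-expressed in Python and run over constructed process events, as an added example that is not part of the original analytic. The event layout (`event_type` and `subtype` as plain string fields) and case-insensitive matching are assumptions; the process names and the `* /etc/hosts*` pattern are taken from the query.

```python
import re

NETWORK_TOOLS = {"ifconfig", "arp", "networkctl", "netstat", "route", "ntop"}
FILE_VIEWERS = {"cat", "more", "less", "vim", "vi", "nano", "gedit"}
HOSTS_PATTERN = "* /etc/hosts*"


def wildcard_match(pattern, value):
    """Wildcard match: '*' is any run of characters, everything else is literal."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    # Case-insensitive comparison is an assumption about the query engine.
    return re.fullmatch(regex, value, re.IGNORECASE | re.DOTALL) is not None


def matches_rule(event):
    """Return True when a process event satisfies the query on this page."""
    # Assumed event layout: event_type/subtype are plain string fields.
    if event.get("event_type") != "process" or event.get("subtype") != "create":
        return False
    name = event.get("process_name", "").lower()
    if name in NETWORK_TOOLS:
        return True
    return name in FILE_VIEWERS and wildcard_match(
        HOSTS_PATTERN, event.get("command_line", ""))


def make_event(subtype, process_name, command_line):
    return {"event_type": "process", "subtype": subtype,
            "process_name": process_name, "command_line": command_line}


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    make_event("create", "ifconfig", "ifconfig -a"),
    make_event("create", "cat", "cat /etc/hosts"),
    make_event("create", "less", "less /etc/hosts.allow"),  # trailing '*' also matches
    make_event("create", "cat", "cat /etc/passwd"),          # viewer, other file
    make_event("terminate", "netstat", "netstat -an"),       # not a create event
    make_event("create", "vim", "vim notes.txt"),
]


def hits(events):
    """Command lines of the events that the rule flags."""
    return [e["command_line"] for e in events if matches_rule(e)]


if __name__ == "__main__":
    for line in hits(SAMPLE_EVENTS):
        print("match:", line)
```

The `less /etc/hosts.allow` hit shows how the trailing wildcard widens the match beyond `/etc/hosts` itself, which is consistent with the analytic's low confidence rating and its use as enrichment.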