empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 08:55:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3c5d52a5ff
fleet/schema/tables/process_open_sockets.yml

20 lines
819 B
YAML
Raw Normal View History

Add Fleet override schema files (#8278) * create schema/tables, add yaml schema tables * Update osquery-table-details.ejs * Generate schema from schema/tables/ folder * Create generate-yaml-tables-from-json.js * update created table files * update fleet override validation * update error messages, add fleetRepoUrl * Delete generate-yaml-tables-from-json.js * Update osquery-table-details.ejs * Update whitespace in table examples * Revert "Update osquery-table-details.ejs" This reverts commit 2e9d63208f59997d492375ebaf1d0ec7e4afe468. * add YAML tables generated from updated Fleet schema * lint fixes * update arp_cache and docker_containers tables
2022-10-18 19:13:42 +00:00
name: process_open_sockets
columns:
- name: state
platforms:
- windows
- linux
- darwin
- name: net_namespace
platforms:
- linux
Adding examples to 5 tables (#8424)
2022-10-25 18:19:51 +00:00
examples: >-
This table allows you to see network activity by process. With this query, list all connections
made to or from a process, excluding connections to localhost and
[RFC1918](https://en.wikipedia.org/wiki/Private_network) IP addresses.
```
SELECT pos.local_port, pos.remote_port, pos.remote_address, p.pid, p.path FROM process_open_sockets pos JOIN processes p ON pos.pid = p.pid WHERE remote_address NOT LIKE '192.168%' AND remote_address NOT LIKE '10.%' AND remote_address NOT LIKE '172.16.%' AND remote_address NOT LIKE '127.%' AND remote_address!='0.0.0.0' AND remote_address NOT LIKE 'fe80%' AND remote_port!='0';
```
Reference in New Issue Copy Permalink