mirror of
https://github.com/fleetdm/fleet
synced 2026-05-24 09:28:54 +00:00
02437a098e
Closes: #19271 Closes: #19286 Changes: - Updated the example in the schema folder readme - Updated the block scalar used in Fleet's osquery override documentation (`>-` » `|-`) and removed extra newlines - Updated the block scalar used in URLs used to create new yaml override files - Regenerated osqeury_fleet_schema.json
18 lines
No EOL
812 B
YAML
18 lines
No EOL
812 B
YAML
name: process_open_sockets
|
|
columns:
|
|
- name: state
|
|
platforms:
|
|
- windows
|
|
- linux
|
|
- darwin
|
|
- name: net_namespace
|
|
platforms:
|
|
- linux
|
|
examples: |-
|
|
This table allows you to see network activity by process. With this query, list all connections
|
|
made to or from a process, excluding connections to localhost and
|
|
[RFC1918](https://en.wikipedia.org/wiki/Private_network) IP addresses.
|
|
|
|
```
|
|
SELECT pos.local_port, pos.remote_port, pos.remote_address, p.pid, p.path FROM process_open_sockets pos JOIN processes p ON pos.pid = p.pid WHERE remote_address NOT LIKE '192.168%' AND remote_address NOT LIKE '10.%' AND remote_address NOT LIKE '172.16.%' AND remote_address NOT LIKE '127.%' AND remote_address!='0.0.0.0' AND remote_address NOT LIKE 'fe80%' AND remote_port!='0';
|
|
``` |