Enumeration of System Information

System information enumeration and discovery via built-in tools.

id:6a1247d5-8b8a-4a5c-8d35-dd9ef220e7d1 categories:enrich confidence:low os:linux created:7/26/2019 updated:7/26/2019

MITRE ATT&CK™ Mapping

tactics:Discovery techniques:T1082 System Information Discovery

Query

process where subtype.create and (
  process_name == "uname" or (
  process_name in ("cat", "more", "less") and
    wildcard(command_line,
             "* /etc/issue*",    "* /proc/version*", "* /etc/profile*",
             "* /etc/services*", "* /proc/cpuinfo*",)
  ))

Contributors

• Endgame