# Process Discovery via Built-In Applications

Built-in tools can be used to discover running processes on an endpoint.

| Field | Value |
|---|---|
| id | 737c7bed-364f-4b47-a0aa-763c80c8aa6c |
| categories | enrich |
| confidence | low |
| os | macos, linux |
| created | 7/26/2019 |
| updated | 7/26/2019 |

## MITRE ATT&CK™ Mapping

| Field | Value |
|---|---|
| tactics | Discovery |
| techniques | T1057 Process Discovery, T1063 Security Software Discovery |
## Query

```eql
process where subtype.create and
  (process_name in ("ps", "pstree", "htop", "pgrep") or
   match(command_line, ?".*? /proc/\d+"))
```
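As an added illustration (not part of the EQL analytics library), the query above can be emulated in Python and run over a handful of constructed process-create events; the event field names (`event_type`, `subtype`, `process_name`, `command_line`, `pid`) are assumptions for this example. The third and fourth sample events show two cases the query deliberately does not flag: a read under `/proc` that is not a numbered PID directory, and a discovery tool seen only at process termination.

```python
import re

# Process names and regex are taken directly from the EQL query above.
DISCOVERY_TOOLS = {"ps", "pstree", "htop", "pgrep"}
# EQL `match(command_line, ?".*? /proc/\d+")`: ?"..." is EQL's raw-string
# syntax. A command line that reads a numbered /proc entry (e.g.
# "cat /proc/1234/status") matches; /proc/sys/... does not, because \d+
# requires digits right after "/proc/".
PROC_PID_READ = re.compile(r".*? /proc/\d+")


def matches_process_discovery(event: dict) -> bool:
    """True when an event satisfies `process where subtype.create and (...)`."""
    if event.get("event_type") != "process" or event.get("subtype") != "create":
        return False
    if event.get("process_name") in DISCOVERY_TOOLS:
        return True
    # re.match anchors at the start of the string; the query's leading .*?
    # lets the " /proc/<pid>" fragment appear anywhere in the command line.
    return PROC_PID_READ.match(event.get("command_line", "")) is not None


def find_discovery_events(events):
    """Return the subset of events the query would emit, in input order."""
    return [e for e in events if matches_process_discovery(e)]


# Constructed sample telemetry (not real events); pid values are arbitrary.
SAMPLE_EVENTS = [
    {"event_type": "process", "subtype": "create", "process_name": "ps",
     "command_line": "ps aux", "pid": 4011},
    {"event_type": "process", "subtype": "create", "process_name": "cat",
     "command_line": "cat /proc/1234/status", "pid": 4012},
    {"event_type": "process", "subtype": "create", "process_name": "ls",
     "command_line": "ls /proc/sys/kernel", "pid": 4013},
    {"event_type": "process", "subtype": "terminate", "process_name": "htop",
     "command_line": "htop", "pid": 4014},
    {"event_type": "process", "subtype": "create", "process_name": "bash",
     "command_line": "bash -c 'pgrep sshd'", "pid": 4015},
]

if __name__ == "__main__":
    for hit in find_discovery_events(SAMPLE_EVENTS):
        print(hit["pid"], hit["process_name"], hit["command_line"])
```

Note that the last sample event is not flagged by itself: the `pgrep` inside the shell string only matches once it is spawned as its own process-create event.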