# Process Discovery via Built-In Applications

Built-in tools can be used to discover running processes on an endpoint.
| id: | 737c7bed-364f-4b47-a0aa-763c80c8aa6c |
|---|---|
| categories: | enrich |
| confidence: | low |
| os: | macos, linux |
| created: | 7/26/2019 |
| updated: | 7/26/2019 |
## MITRE ATT&CK™ Mapping
| tactics: | Discovery |
|---|---|
| techniques: | T1057 Process Discovery, T1063 Security Software Discovery |
## Query

```eql
process where subtype.create and
  (process_name in ("ps", "pstree", "htop", "pgrep") or
   match(command_line, ?".*? /proc/\d+"))
```
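The same logic expressed as a stand-alone Python filter over constructed process-creation events, added here as an example and not part of the EQL analytics library. It assumes events are dicts carrying `event_type`, `subtype`, `pid`, `process_name` and `command_line`, and reproduces the query's regex with `re.match()` on the assumption that EQL's `match()` is anchored at the start of the string, which is why the query's pattern begins with `.*?`.

```python
import re

# Process names the EQL query lists as built-in process-discovery tools.
PROCESS_NAMES = {"ps", "pstree", "htop", "pgrep"}

# The query's raw regex ?".*? /proc/\d+". Assumption: EQL match() is
# start-anchored (hence the leading ".*?"), so re.match() reproduces it.
COMMAND_LINE_RE = re.compile(r".*? /proc/\d+")


def is_process_discovery(event):
    """Return True if a process event satisfies the page's EQL query."""
    if event.get("event_type") != "process" or event.get("subtype") != "create":
        return False
    if event.get("process_name") in PROCESS_NAMES:
        return True
    command_line = event.get("command_line") or ""
    return COMMAND_LINE_RE.match(command_line) is not None


def find_process_discovery(events):
    """Return the pids of matching events, for enriching a timeline."""
    return [e["pid"] for e in events if is_process_discovery(e)]


# Constructed sample events (not real telemetry); field names are assumed.
SAMPLE_EVENTS = [
    {"event_type": "process", "subtype": "create", "pid": 101,
     "process_name": "ps", "command_line": "ps aux"},
    {"event_type": "process", "subtype": "create", "pid": 102,
     "process_name": "cat", "command_line": "cat /proc/1234/status"},
    {"event_type": "process", "subtype": "create", "pid": 103,
     "process_name": "ls", "command_line": "ls -la /home/user"},
    # Terminate events are excluded by subtype.create.
    {"event_type": "process", "subtype": "terminate", "pid": 104,
     "process_name": "htop", "command_line": "htop"},
    # "/procedures" is not "/proc/<pid>", so the regex does not fire.
    {"event_type": "process", "subtype": "create", "pid": 105,
     "process_name": "grep", "command_line": "grep root /procedures/notes.txt"},
    {"event_type": "process", "subtype": "create", "pid": 106,
     "process_name": "pgrep", "command_line": "pgrep -f sshd"},
]

if __name__ == "__main__":
    print(find_process_discovery(SAMPLE_EVENTS))  # [101, 102, 106]
```

Because the regex requires digits after `/proc/`, reads of `/proc/self/...` are not covered; widening the pattern would also raise the noise that already makes this a low-confidence enrichment analytic.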