Skip to content

Instantly share code, notes, and snippets.

@toke

toke/osquery.sql

Created July 19, 2018 12:12
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save toke/1df8588a7cfad87b7b76cee447cca589 to your computer and use it in GitHub Desktop.
Save toke/1df8588a7cfad87b7b76cee447cca589 to your computer and use it in GitHub Desktop.
Download ZIP
Osquery https://osquery.io exmaple queries
Raw
osquery.sql
SELECT DISTINCT process.name, listening.port, listening.address, process.pid
FROM processes AS process JOIN listening_ports AS listening ON process.pid = listening.pid;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment