Here we explore the list of processes up and running and use "limit" to pull a specific number of records to the console. List the number of processes running on the user machine and filter them accordingly to find the bad actor.

OSquery Statement: SELECT * FROM users WHERE description LIKE '%windows%';

OSquery – List of processes

OSquery Statement: SELECT uid, username FROM users;

List of user names with their uid levels.

The above query performs a string operation on the database with the syntax LIKE '% Hunt your data Here%'.

OSquery Statement: SELECT uid FROM users;

The above figure shows the retrieval of the list of UIDs.

Below is the query to list usernames with uid.

OSquery Statement: SELECT COUNT(*) FROM users;

The above screen dump illustrates counting the list of user accounts.

Below is the query to list users' UID (Unique Identifier).

OSquery Statement: SELECT * FROM users LIMIT 8;

The above screen dump illustrates the list of active user accounts and each user's UID.
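As an added illustration (not part of the original post), this Python sketch runs the users queries above against an in-memory SQLite database, the engine osquery builds its SQL on, and then joins processes to users to filter by path. The sample rows, the reduced column set, the processes join and all function names are constructed assumptions.

```python
import sqlite3

# Constructed sample rows (not real host data). Columns are a reduced
# subset of osquery's `users` and `processes` tables.
USERS = [
    (500, "Administrator", "Built-in account for administering the computer"),
    (501, "Guest", "Built-in account for guest access"),
    (504, "WDAGUtilityAccount", "Account used by the system for Windows Defender scenarios"),
    (1001, "alice", ""),
    (1002, "svc_backup", "Backup service account"),
]
PROCESSES = [
    (812, "svchost.exe", "C:\\Windows\\System32\\svchost.exe", 500),
    (2330, "chrome.exe", "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", 1001),
    (4120, "svchost.exe", "C:\\Users\\alice\\AppData\\Local\\Temp\\svchost.exe", 1001),
    (5012, "backup.exe", "C:\\Tools\\backup.exe", 1002),
]

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (uid INTEGER, username TEXT, description TEXT)")
    conn.execute("CREATE TABLE processes (pid INTEGER, name TEXT, path TEXT, uid INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    conn.executemany("INSERT INTO processes VALUES (?, ?, ?, ?)", PROCESSES)
    return conn

def user_count(conn):
    return conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]

def first_users(conn, n):
    # LIMIT without ORDER BY returns rows in no guaranteed order, so sort first.
    return conn.execute("SELECT uid, username FROM users ORDER BY uid LIMIT ?", (n,)).fetchall()

def users_matching(conn, pattern):
    # SQLite's LIKE ignores ASCII case, so '%windows%' also matches "Windows".
    sql = "SELECT uid, username FROM users WHERE description LIKE ? ORDER BY uid"
    return conn.execute(sql, (pattern,)).fetchall()

def processes_with_owner(conn, path_pattern, n):
    # Assumed follow-up query: attach the owning username to each matching process.
    sql = ("SELECT p.pid, p.name, u.username FROM processes p "
           "JOIN users u ON u.uid = p.uid WHERE p.path LIKE ? ORDER BY p.pid LIMIT ?")
    return conn.execute(sql, (path_pattern, n)).fetchall()

if __name__ == "__main__":
    db = build_db()
    print(user_count(db), first_users(db, 8))
    print(users_matching(db, "%windows%"))
    print(processes_with_owner(db, "%\\Temp\\%", 8))
```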