diff --git a/atomics/T1049/T1049.yaml b/atomics/T1049/T1049.yaml
new file mode 100644
index 00000000..3019f21d
--- /dev/null
+++ b/atomics/T1049/T1049.yaml
@@ -0,0 +1,44 @@
+---
+attack_technique: T1049
+display_name: System Network Connections Discovery
+
+atomic_tests:
+- name: System Network Connections Discovery
+ description: |
+ Get a listing of network connections.
+
+ supported_platforms:
+ - windows
+
+ executor:
+ name: command_prompt
+ command: |
+ netstat
+ net use
+ net sessions
+
+- name: System Network Connections Discovery with PowerShell
+ description: |
+ Get a listing of network connections.
+
+ supported_platforms:
+ - windows
+
+ executor:
+ name: powershell
+ command: |
+ Get-NetTCPConnection
+
+- name: System Network Connections Discovery Linux & MacOS
+ description: |
+ Get a listing of network connections.
+
+ supported_platforms:
+ - linux
+ - macos
+
+ executor:
+ name: sh
+ command: |
+ netstat
+ who -a
\ No newline at end of file
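Review bot: All three `description` blocks carry the same sentence ("Get a listing of network connections.") although the executors enumerate different things — `net use` and `net sessions` report mapped shares and inbound SMB sessions, and `who -a` reports logged-in users rather than sockets — so each description should state what its commands actually surface, e.g. for the first test `Enumerate active TCP connections (netstat), mapped network shares (net use) and inbound SMB sessions (net sessions).`. `net sessions` appears to require an elevated prompt (an unprivileged shell gets "Access is denied"), so the command_prompt test should note that in its description or, if the executor schema supports it, set `elevation_required: true`. On Linux, `netstat` belongs to net-tools, which several current distributions no longer install by default; without a prerequisite check the sh test may fail with command-not-found instead of producing the telemetry the technique is meant to exercise, which is worth a dependency note. The file also ends without a trailing newline.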