[Bug] Normalize Hunting Index Link Generation (#3872)
* normalizing hunting link generation
* replacing header
* adjusting quotes in f-strings
* added source file to metadata
* removed os dependency
* address bug in source file links
* reverting TOML loading
* change all List type hinting to list
* change all List type hinting to list
* fixed accented characters in queries
* reverted accent character removal; moved macos query and MD to macos folder
@@ -10,6 +10,7 @@
- **UUID:** `7422faf1-ba51-49c3-b8ba-13759e6bcec4`
- **Integration:** [endpoint](https://docs.elastic.co/integrations/endpoint)
- **Language:** `[SQL]`
- **Source File:** [Persistence Through Reverse/Bind Shells](../queries/persistence_reverse_bind_shells.toml)
## Query
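Review bot: the `**Language:** `[SQL]`` line renders a bracketed list literal instead of the language name, which suggests the generator is interpolating the list value straight into the f-string; join it (for example with `', '.join(...)`) so the field reads `SQL`. The new `**Source File:**` link is relative (`../queries/persistence_reverse_bind_shells.toml`) and only resolves while the generated markdown and the `queries` directory remain siblings one level down; since this same commit moves the macOS query and its markdown into a `macos` folder, it would be worth having the index build verify that the target path exists rather than trusting the template.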
@@ -49,6 +50,7 @@ SELECT pid, address, port, socket, protocol, path FROM listening_ports
- The third hunt query retrieves information about listening ports on the system.
- Investigate strange or unexpected open sockets, processes, or listening ports on the system.
- Use the information from each hunt to pivot and investigate further for potential reverse/bind shells.
## MITRE ATT&CK Techniques
- [T1059.004](https://attack.mitre.org/techniques/T1059/004)
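Review bot: the new bullet `- The third hunt query retrieves information about listening ports on the system.` identifies the query by ordinal, so the notes silently desynchronise if the queries in the TOML are reordered or another is added; naming the table (`listening_ports`, as in the context line above) or rendering each note directly beneath its own query block would keep them aligned.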