Processes with listening (bound) network sockets/ports.
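# Velociraptor artifact: for every socket that netstat() reports in the LISTEN
# state, emit the owning process name and PID together with the bound address,
# port, protocol and address family.
#
# The nesting below is restored: with every line at column 0 the `query` key
# and the VQL text were not part of the `sources` item and the document did
# not parse.
name: Windows.Network.ListeningPorts
description: Processes with listening (bound) network sockets/ports.
sources:
  # Restricts this source to endpoints whose info() reports OS = 'windows'.
  - precondition:
      SELECT OS From info() where OS = 'windows'

    # Review notes for the query:
    # - `LET process <=` takes the Name/Pid list from pslist() once, before
    #   the sockets are enumerated. The join is on Pid only, so a socket whose
    #   owning PID is not in that list (process exited in between, or is not
    #   visible to pslist()) produces NO row. When hunting, compare against
    #   the raw netstat() rows so such listeners are not silently dropped.
    # - The filter is Status = 'LISTEN'. NOTE(review): UDP sockets have no
    #   connection state, so bound UDP ports are presumably excluded; confirm
    #   against netstat() output on a test host.
    # - Only the process Name is returned. A name alone does not identify the
    #   binary; pivot on the Pid for the image path and command line.
    query: |
      LET process <= SELECT Name, Pid from pslist()

      SELECT * from foreach(
        row={
          SELECT Pid AS PortPid, Laddr.Port AS Port,
                 TypeString as Protocol, FamilyString as Family,
                 Laddr.IP as Address
          FROM netstat() where Status = 'LISTEN'
        },
        query={
          SELECT Pid, Name, Port, Protocol, Family, Address
          FROM process where Pid = PortPid
        })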