Monitor network connections and listening ports with SCOM
Tags
attack-pattern: Data Dns - T1071.004 Dns - T1590.002 Ip Addresses - T1590.005 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Powershell - T1086 Windows Management Instrumentation - T1047
Show in Graph
Common Information
Type Value
UUID cbed9d14-15c4-4fee-afe7-cb664c3befd1
Fingerprint acd9520dfb28cfa0
Analysis status DONE
Considered CTI value 0
Text language
Published Jan. 2, 2018, 2:35 a.m.
Added to db Jan. 18, 2023, 8:02 p.m.
Last updated Nov. 17, 2024, 6:50 p.m.
Headline Monitor network connections and listening ports with SCOM
Title Monitor network connections and listening ports with SCOM
Detected Hints/Tags/Attributes 36/1/21
Source URLs
Redirection Url
Details Source https://4sysops.com/archives/monitor-network-connections-and-listening-ports-with-scom/
URL Provider
Details Provider Source level domain
Details 4sysops.com 4sysops.com
Attributes
Details Type #Events CTI Value
Details Domain 339 
system.net
Details Domain 1 
procinfo.name
Details Domain 1 
network.windows.computer.netstatwatcher.computer
Details Domain 67 
microsoft.windows
Details Domain 1 
network.windows.computer
Details Domain 1 
discovery.netstatwatcher.computer
Details Domain 1 
netstatwatcher.computer
Details File 1 
monitoredtcpconnects.csv
Details File 1 
monitoredlisteningports.csv
Details File 2 
c:\windows\system32\netstat.exe
Details File 1 
'monitoredtcpconnects.csv
Details File 6 
api.log
Details File 1 
state.ps1
Details File 18 
system.log
Details File 1 
discovernetstatwatcheritems.ps1
Details File 1 
discovernetstatwatcheritemrelations.ps1
Details File 1 
monitornetstatwatcheritems.ps1
Details IPv4 1 
10.1.11.83
Details IPv4 1 
194.69.46.72
Details IPv4 1441 
127.0.0.1
Details IPv4 619 
0.0.0.0