You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Just wondering if it's possible to monitor incoming/outgoing connections to certain IPs. I've seen the tcp_connect example and I'm trying to figure out how I can look for IP addresses and trigger events based on that.
A scenario would be having a process trying to connect to a C2 server (or several) and the goal is to trigger a Sigkill action after I detect that connection.
The text was updated successfully, but these errors were encountered:
Just wondering if it's possible to monitor incoming/outgoing connections to certain IPs. I've seen the
tcp_connectexample and I'm trying to figure out how I can look for IP addresses and trigger events based on that.A scenario would be having a process trying to connect to a C2 server (or several) and the goal is to trigger a
Sigkillaction after I detect that connection.The text was updated successfully, but these errors were encountered: