Use Get-NetTCPConnection (b366adb4-d63d-422d-8a2c-186463b5ded0)
Adversaries may attempt to get a listing of network connections to or from the compromised system they are currently accessing or from remote systems by querying for information over the network.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) | Attack Pattern | Use Get-NetTCPConnection (b366adb4-d63d-422d-8a2c-186463b5ded0) | Sigma-Rules | 1 |