Performant endpoint visibility
Processes running without a binary on disk
Frequently, attackers will leave a malicious process running but delete the original binary on disk. This query returns any process whose original binary has been deleted, which could be an indicator of a suspicious process.
Sponsor Organizations.
Linux Foundation
Fleet Device Management
Caffeine Security
Homepage: osquery.io
Downloads: osquery.io/downloads
Documentation: ReadTheDocs
