Evidence: ETC Services
Description: Collect ETC Services
Category: Network
Platform: macos
Short Name: etcsrv
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
/etc/services maps service names to ports and protocols. This data is essential for validating service configurations and troubleshooting network behavior.
Data Collected
This collector gathers structured data about etc services.
Collection Method
This collector queries the etc_services table via osquery and records entries into etc_services.
Forensic Value
This evidence supports investigations by documenting expected service-port mappings, aiding anomaly detection.
