Etc Services

Overview

Evidence: ETC Services Description: Collect ETC Services Category: Configurations Platform: macOS Short Name: etcsrv Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

/etc/services maps service names to ports and protocols. This data is essential for validating service configurations and troubleshooting network behavior.

Data Collected

This collector gathers structured data about etc services.

ETC Services Data

Field

Description

Example

ID

Name

Name

Example Name

Port

Port

Example value

Protocol

Protocol

Example value

Aliases

Aliases

Example value

Comment

Comment

Example value

Collection Method

This collector queries the etc_services table via osquery and records entries into etc_services.

Usage

This evidence supports investigations by documenting expected service-port mappings, aiding anomaly detection.

Notes

This data may contain sensitive information that should be handled according to data protection requirements. Ensure proper chain of custody is maintained during collection and analysis.

PreviousEtc Protocols NextEvent Taps

Last updated 5 days ago

Was this helpful?