Etc Services

Overview

Evidence: ETC Services Description: Collect ETC Services Category: Network Platform: macos Short Name: etcsrv Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

/etc/services maps service names to ports and protocols. This data is essential for validating service configurations and troubleshooting network behavior.

Data Collected

This collector gathers structured data about etc services.

Collection Method

This collector queries the etc_services table via osquery and records entries into etc_services.

Forensic Value

This evidence supports investigations by documenting expected service-port mappings, aiding anomaly detection.

PreviousEtc Protocols NextEvent Taps

Last updated 2 days ago

Was this helpful?