Forum Discussion
fedecharosky
Nov 10, 2019 Brass Contributor
How does NetworkCommunicationsEvents > RemoteURL entity get filled?
Hi team, With WDATP EDR available for Mac I wanted to investigate the RemoteURL field for all Firefox processes, but we don't seem to be capturing that data. NetworkCommunicationEvents | w...
Jan Geisbauer
Nov 12, 2019 Brass Contributor
Hi fedecharosky
Are you sure the process is called "firefox"? You are doing a ==, which means it has to match exactly. Do a NetworkCommunicationEvents without anything else in the query and check what you get back. I bet it's more like "firefox.exe".
Cheers,
Jan
Blog: emptyDC.com | Podcast: HairlessInTheCloud.com
- Billy_1 May 27, 2020 Copper Contributor
Jan Geisbauer Is there a dictionary that describes the source for each field's value?