Get Network Statistics via netstat activity The Security Common Orchestration - Get Network Statistics via netstat, workflow activity retrieves the network statistics for an affected resource on a Windows-based system. This activity can accelerate the investigation and remediation process. The Get Network Statistics via netstat activity can be used with any workflow to retrieve network statistics from a Windows-based system. The machine is queried with the netstat command including the -a and -o parameters. To enhance the output data, get-process command is also invoked. Results Possible results for this activity are: Table 1. Results Result Description Success Network statistics were retrieved in JSON format. Failure An error occurred while attempting to retrieve network statistics. More error information is available in the activity output error. Table 2. Input variables Variable Description target [string] The fully qualified domain name (FQDN) or IP address of the target system. Output variables The output variables contain data that can be used in subsequent activities. Table 3. Output variables Variable Description response [string] A JSON string representing the current running processes on the target machine. JSON data includes: pid Process identifier local _port Local port for the network transaction state Status of the TCP connection. Note: This field is null for UDP connections. local_address Local fully qualified domain name (FQDN) or IP address remote_address Remote fully qualified domain name (FQDN) or IP address protocol TCP or UDP remote_port Remote port of the network transaction path The file path of the process executable hash The hash value of the process executable. The hash is in SHA-256 for PowerShell V4 or higher. Otherwise, the hash is in MD5. Restrictions The MID Server must support PowerShell. SHA-256 hash requires PowerShell V4.
Get Network Statistics via netstat activity The Security Common Orchestration - Get Network Statistics via netstat, workflow activity retrieves the network statistics for an affected resource on a Windows-based system. This activity can accelerate the investigation and remediation process. The Get Network Statistics via netstat activity can be used with any workflow to retrieve network statistics from a Windows-based system. The machine is queried with the netstat command including the -a and -o parameters. To enhance the output data, get-process command is also invoked. Results Possible results for this activity are: Table 1. Results Result Description Success Network statistics were retrieved in JSON format. Failure An error occurred while attempting to retrieve network statistics. More error information is available in the activity output error. Table 2. Input variables Variable Description target [string] The fully qualified domain name (FQDN) or IP address of the target system. Output variables The output variables contain data that can be used in subsequent activities. Table 3. Output variables Variable Description response [string] A JSON string representing the current running processes on the target machine. JSON data includes: pid Process identifier local _port Local port for the network transaction state Status of the TCP connection. Note: This field is null for UDP connections. local_address Local fully qualified domain name (FQDN) or IP address remote_address Remote fully qualified domain name (FQDN) or IP address protocol TCP or UDP remote_port Remote port of the network transaction path The file path of the process executable hash The hash value of the process executable. The hash is in SHA-256 for PowerShell V4 or higher. Otherwise, the hash is in MD5. Restrictions The MID Server must support PowerShell. SHA-256 hash requires PowerShell V4.
