https://github.com/osquery/osquery logo
#macos
Title
# macos
k

Kiwito

04/03/2023, 8:26 PM
Hey everyone, I have question not directly about osquery. I try to find origin of some suspicious traffic. In osquery, I see they are coming from
com.apple.WebKit.Networking.xpc
and parent process is
launchd
. So whatever making that request is using
webkit
Actually I am quite sure it is safari but are they anyway find out this kind situation's origin? In my opinion I need something like auditd but maybe I am missing something.
2 Views