ETC Services
Overview
Evidence: ETC Services
Description: Collect ETC Services
Category: Network
Platform: macos
Short Name: etcsrv
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
/etc/services maps service names to ports and protocols. This data is essential for validating service configurations and troubleshooting network behavior.
Data Collected
This collector gathers structured data about the entries in /etc/services.
Collection Method
This collector queries the etc_services table via osquery and records entries into etc_services.
Forensic Value
This evidence supports investigations by documenting expected service-port mappings, aiding anomaly detection.
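One way to use this evidence for anomaly detection, shown as an added example that is not part of the collector or of osquery: parse /etc/services text into rows keyed like osquery's etc_services columns (name, port, protocol, aliases, comment) and diff a collected copy against a known-good baseline. The function names and both sample files are constructed for illustration.

```python
"""Parse /etc/services text and diff a collected copy against a baseline."""

def parse_services(text):
    """Return {(name, protocol): row}; row keys follow osquery's etc_services columns."""
    rows = {}
    for line in text.splitlines():
        body, _, comment = line.partition("#")
        fields = body.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue  # blank, comment-only, or malformed line
        port, _, protocol = fields[1].partition("/")
        if not port.isdigit():
            continue
        # Simplification: a repeated (name, protocol) pair keeps the last entry.
        rows[(fields[0], protocol)] = {
            "name": fields[0], "port": int(port), "protocol": protocol,
            "aliases": fields[2:], "comment": comment.strip(),
        }
    return rows

def diff_services(baseline, collected):
    """List (kind, key, detail) findings where collected departs from baseline."""
    findings = []
    for key, row in sorted(collected.items()):
        if key not in baseline:
            findings.append(("added", key, row["port"]))
        elif baseline[key]["port"] != row["port"]:
            findings.append(("port_changed", key, (baseline[key]["port"], row["port"])))
        elif baseline[key]["aliases"] != row["aliases"]:
            findings.append(("aliases_changed", key, row["aliases"]))
    for key in sorted(set(baseline) - set(collected)):
        findings.append(("removed", key, baseline[key]["port"]))
    return findings

# Constructed sample data, not taken from a real host.
BASELINE = """\
# Network services
ssh     22/tcp    # SSH Remote Login Protocol
http    80/tcp    www www-http   # World Wide Web HTTP
domain  53/udp    # Domain Name Server
"""
COLLECTED = """\
ssh     2222/tcp  # SSH Remote Login Protocol
http    80/tcp    www www-http   # World Wide Web HTTP
backup  4444/tcp
"""

if __name__ == "__main__":
    for finding in diff_services(parse_services(BASELINE), parse_services(COLLECTED)):
        print(finding)
```

A changed or added mapping does not move any listening service by itself; it changes how tools that resolve names through this file label ports, so findings are leads to correlate with listening-port and process evidence.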