DS0023 Named Pipe
Mechanisms that allow inter-process communication locally or over the network. A named pipe is usually found as a file and processes attach to it1
| Item | Value |
|---|---|
| ID | DS0023 |
| Platforms | Linux, Windows, macOS |
| Collection Layers | Host |
| Version | 1.0 |
| Created | 20 October 2021 |
| Last Modified | 30 March 2022 |
Data Components
Named Pipe Metadata
Contextual data about a named pipe on a system, including pipe name and creating process (ex: Sysmon EIDs 17-18)
| Domain | ID | Name |
|---|---|---|
| enterprise | T1570 | Lateral Tool Transfer |