Named Pipe

Mechanisms that allow inter-process communication locally or over the network. A named pipe is usually found as a file and processes attach to it[1]

ID: DS0023
Platforms: Linux, Windows, macOS
Collection Layer: Host
Contributors: Center for Threat-Informed Defense (CTID)
Version: 1.0
Created: 20 October 2021
Last Modified: 10 November 2021

Data Components

Named Pipe: Named Pipe Metadata

Contextual data about a named pipe on a system, including pipe name and creating process (ex: Sysmon EIDs 17-18)

Named Pipe: Named Pipe Metadata

Contextual data about a named pipe on a system, including pipe name and creating process (ex: Sysmon EIDs 17-18)

Domain ID Name
Enterprise T1570 Lateral Tool Transfer

References