Named Pipe

Mechanisms that allow inter-process communication locally or over the network. A named pipe is usually found as a file, and processes attach to it.[1]

ID: DS0023
Platforms: Linux, Windows, macOS
Collection Layer: Host
Contributors: Center for Threat-Informed Defense (CTID)
Version: 1.0
Created: 20 October 2021
Last Modified: 30 March 2022

Data Components

Named Pipe: Named Pipe Metadata

Contextual data about a named pipe on a system, including pipe name and creating process (ex: Sysmon EIDs 17-18)

Domain: Enterprise
ID: T1570
Name: Lateral Tool Transfer
Detects: Monitor for contextual data about named pipes on the system.
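
The following added example, not part of the original page, extracts the pipe name and creating process from Sysmon EID 17 (pipe created) and EID 18 (pipe connected) events and lists pipes whose creator is outside a baseline. The sample events, the baseline and the function names are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def _event(eid, pipe, image, pid):
    # Builds one constructed Sysmon-style event; not a capture from a real host.
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{eid}</EventID></System>'
            f'<EventData><Data Name="ProcessId">{pid}</Data>'
            f'<Data Name="PipeName">{pipe}</Data>'
            f'<Data Name="Image">{image}</Data></EventData></Event>')

# Constructed sample input (pipe names and paths are illustrative only).
SAMPLE_EVENTS = [
    _event(17, r"\demo_spooler", r"C:\Windows\System32\spoolsv.exe", 1200),
    _event(18, r"\demo_spooler", r"C:\Windows\explorer.exe", 3400),
    _event(17, r"\demo_transfer", r"C:\Users\Public\tool.exe", 5566),
    _event(18, r"\demo_transfer", r"C:\Windows\System32\svchost.exe", 880),
    _event(1, "", r"C:\Windows\System32\cmd.exe", 42),  # not a pipe event
]

# Hypothetical baseline of images expected to create pipes on this host.
BASELINE = {r"C:\Windows\System32\spoolsv.exe"}

def pipe_metadata(xml_events):
    """Return {pipe_name: {"created_by": set, "connected_from": set}}."""
    pipes = defaultdict(lambda: {"created_by": set(), "connected_from": set()})
    for raw in xml_events:
        root = ET.fromstring(raw)
        eid = root.findtext("e:System/e:EventID", namespaces=NS)
        if eid not in ("17", "18"):
            continue  # only pipe-created / pipe-connected events carry pipe metadata
        data = {d.get("Name"): (d.text or "")
                for d in root.iterfind("e:EventData/e:Data", NS)}
        role = "created_by" if eid == "17" else "connected_from"
        pipes[data["PipeName"]][role].add(data["Image"].lower())
    return dict(pipes)

def unbaselined_pipes(pipes, baseline_images):
    """Pipe names with at least one creating image outside the baseline."""
    known = {i.lower() for i in baseline_images}
    return sorted(n for n, meta in pipes.items() if meta["created_by"] - known)

if __name__ == "__main__":
    for name in unbaselined_pipes(pipe_metadata(SAMPLE_EVENTS), BASELINE):
        print("review pipe:", name)
```

A pipe seen only through EID 18, with no creation event in the input, has an empty creator set and is not reported by `unbaselined_pipes`.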

References