Problem
When something feels off, you don’t want ten dashboards. You want one blunt answer: what is this machine talking to right now?
Why it matters
Unexpected outbound traffic is an early signal: compromise, exfil, misconfig, or “that agent you forgot existed”. Speed matters.
What it does
- Enumerates active network connections
- Maps connections to PID / process name (where possible)
- Refreshes repeatedly for live triage
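As an added illustration of those three steps (written for this page, not the tool's own code), a minimal procfs-based version for Linux: it parses /proc/net/tcp (IPv4 TCP only; /proc/net/tcp6 and udp have the same layout), maps socket inodes to PIDs through /proc/<pid>/fd, and prints one snapshot. It assumes /proc is readable; the SAMPLE text is constructed for the test, not captured from a real host.

```python
import os
import socket
import struct
# Constructed sample in /proc/net/tcp layout (not from a real host): a listener on 127.0.0.1:22
# and an established session 10.0.2.15 -> 34.216.184.93:443 owned by uid 1000, socket inode 67890.
SAMPLE = """  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1
   1: 0F02000A:B1C4 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 67890 1
"""
TCP_STATES = {"01": "ESTABLISHED", "06": "TIME_WAIT", "08": "CLOSE_WAIT", "0A": "LISTEN"}  # others stay hex

def decode_endpoint(hex_addr):
    """'0100007F:0016' -> ('127.0.0.1', 22); the kernel prints the IPv4 word in host byte order."""
    ip_hex, port_hex = hex_addr.split(":")
    return socket.inet_ntoa(struct.pack("=I", int(ip_hex, 16))), int(port_hex, 16)

def parse_proc_net_tcp(text):
    """Parse /proc/net/tcp text into one dict per socket; the header and any truncated line are skipped."""
    rows = []
    for fields in filter(lambda f: len(f) >= 10, map(str.split, text.splitlines()[1:])):
        (lip, lport), (rip, rport) = decode_endpoint(fields[1]), decode_endpoint(fields[2])
        rows.append({"local": f"{lip}:{lport}", "remote": f"{rip}:{rport}", "inode": int(fields[9]),
                     "state": TCP_STATES.get(fields[3], fields[3]), "uid": int(fields[7])})
    return rows

def socket_inode_to_pid():
    """Map socket inode -> PID via /proc/<pid>/fd; other users' processes need elevation to read."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            for fd in os.listdir(f"/proc/{pid}/fd"):
                target = os.readlink(f"/proc/{pid}/fd/{fd}")
                if target.startswith("socket:["):
                    owners[int(target[8:-1])] = int(pid)
        except OSError:  # permission denied, or the process exited mid-scan: leave it unmapped
            continue
    return owners

def owner_label(inode, owners):  # 'comm(pid)' when mapped, '?' when the owner could not be determined
    pid = owners.get(inode)
    try:
        return f"{open(f'/proc/{pid}/comm').read().strip()}({pid})"
    except OSError:
        return "?" if pid is None else f"?({pid})"

if __name__ == "__main__":  # one snapshot; loop it (or run under `watch`) for live triage
    owners = socket_inode_to_pid()
    for r in parse_proc_net_tcp(open("/proc/net/tcp").read()):
        if r["state"] != "LISTEN":  # listeners are noise here; live sessions are the signal
            print(f"{owner_label(r['inode'], owners):<24} {r['local']:<22} -> {r['remote']:<22} {r['state']}")
```

Rows whose owner prints as "?" are sockets of processes you could not read; that is the case where elevating for process mapping changes the answer.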
Use cases that triggered it
- Incident triage: isolate weird outbound connections before they become a story.
- Validation: confirm tooling connects only to expected endpoints.
- Hygiene: find background agents and “silent” updaters.
Safe use & controls
- Use least privilege; elevate only if required for process mapping.
- Sanitize IPs/hostnames before sharing outside your org.
- In regulated environments, treat outputs as Confidential operational data.
Limitations
- Hostname resolution can be incomplete; busy systems get noisy.
- Not a replacement for EDR — it’s a fast flashlight.