Built off the open source project Osquery
Description: Looks for the TeamViewer service running on machines. This is used often when attackers gain access to a machine, running TeamViewer to allow them to access a machine.
What The Data Shows: TeamViewer running on a machine.
SQL:
SELECT display_name,status,s.pid,p.path
FROM services AS s
JOIN processes AS p USING(pid)
WHERE s.name LIKE "%teamviewer%";
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.