Built off the open source project Osquery
Description: Lists all loaded Kernel modules on a system and which account uses it.
What The Data Shows: Comparing to reference list of loaded modules, run this can easily determine malicious modules.
SQL:
SELECT name, used_by, status from kernel_modules
WHERE status="Live";
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.