osquery-defense-kit/incident_response/suid_bin.sql

-- Retrieves setuid-enabled executables in well-known paths
--
-- platform: posix
-- tags: postmortem
SELECT
  *
FROM
  suid_bin;
Finish out the incident_response refactor 2022-10-19 20:19:53 +00:00			`-- Retrieves setuid-enabled executables in well-known paths`
v0.0.1 2022-10-13 13:11:17 +00:00			`--`
			`-- platform: posix`
Finish out the incident_response refactor 2022-10-19 20:19:53 +00:00			`-- tags: postmortem`
			`SELECT`
Apply 'npx sql-formatter -l sqlite' 2022-10-17 23:06:17 +00:00			`*`
Finish out the incident_response refactor 2022-10-19 20:19:53 +00:00			`FROM`
Apply 'npx sql-formatter -l sqlite' 2022-10-17 23:06:17 +00:00			`suid_bin;`