osquery-defense-kit/osquery.conf

# This is an example runnable osquery.conf. It does not enable eventing tables
#
# To use this, paste this stanza into your existing osquery.conf file, or use
# it interactively with:
#
# sudo osqueryi --config_path osquery.conf -A osquery_packs
#
# You can specify a pack to run using:
#
# sudo osqueryi --config_path osquery.conf --pack detection

{
  "packs": {
    "detection": "out/detection.conf",
    "incident-response": "out/incident-response.conf",
    "policy": "out/vulnerabilities.conf",
    "vulnerabilities": "out/vulnerabilities.conf"
  }
}
Add a runnable osquery.conf example 2023-03-04 18:03:30 +00:00			`# This is an example runnable osquery.conf. It does not enable eventing tables`
			`#`
			`# To use this, paste this stanza into your existing osquery.conf file, or use`
			`# it interactively with:`
			`#`
			`# sudo osqueryi --config_path osquery.conf -A osquery_packs`
			`#`
			`# You can specify a pack to run using:`
			`#`
			`# sudo osqueryi --config_path osquery.conf --pack detection`

			`{`
			`"packs": {`
Simplify makefile, reduce config targets to 4 2024-01-09 21:56:40 +00:00			`"detection": "out/detection.conf",`
			`"incident-response": "out/incident-response.conf",`
			`"policy": "out/vulnerabilities.conf",`
			`"vulnerabilities": "out/vulnerabilities.conf"`
Add a runnable osquery.conf example 2023-03-04 18:03:30 +00:00			`}`
			`}`