mirror of
https://github.com/chainguard-dev/osquery-defense-kit
synced 2024-12-15 18:44:32 +00:00
Switch interval back to 300
parent
5db432b2c6
commit
09601ed3f0
@ -49,7 +49,7 @@ FROM process_events pe
|
||||
LEFT JOIN signature ON pp.path = signature.path
|
||||
LEFT JOIN signature esignature ON ppe.path = esignature.path
|
||||
WHERE pe.path = '/usr/bin/xattr'
|
||||
AND pe.time > (strftime('%s', 'now') -30000)
|
||||
AND pe.time > (strftime('%s', 'now') -300)
|
||||
AND cmd != '/usr/bin/xattr -d com.apple.quarantine /Applications/1Password.app'
|
||||
AND NOT (
|
||||
pe.euid > 500
|
||||
|
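Review bot: The 300-second lookback in `AND pe.time > (strftime('%s', 'now') -300)` is a bare literal that has to agree with how often this query is scheduled, and nothing visible in the hunk ties the two together. If the scheduled interval is longer than 300 seconds, or a run is delayed, `/usr/bin/xattr` executions that fall in the gap are never reported. The 30000 value that this commit appears to revert shows how easily the window and the schedule can drift apart. I would add a comment on that line, for example `-- lookback in seconds; must be >= this query's scheduled interval`, and confirm the interval declared for the query. The SELECT list and the rest of the WHERE clause lie outside the hunk, so whether the interval is documented elsewhere in the file cannot be seen from here.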