RepoMirrors/osquery-defense-kit
1
0
Fork 0
mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-01-26 23:32:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Decrease download limits to begin with

Browse Source
This commit is contained in:
Thomas Stromberg 2023-06-02 18:03:44 -04:00
parent c2ce0ce7d7
commit 37ce71b94f
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
detection/collection/excess-google-drive-downloads-macos.sql
View File

@ -23,4 +23,4 @@ WHERE
AND MAX(file.btime, file.ctime, file.mtime) > (strftime('%s', 'now') -604800)
-- "GROUP BY" should be unnecessary, but Kolide seems to require it
GROUP BY ea.key
HAVING total_size > (100*1024*1024) OR num_downloads > 5
HAVING total_size > (100*1024*1024) OR num_downloads > 4

2
detection/collection/excess-google-drive-folder-exports-macos.sql
View File

@ -20,4 +20,4 @@ WHERE
AND MAX(file.btime, file.ctime, file.mtime) > (strftime('%s', 'now') -604800)
-- "GROUP BY" should be unnecessary, but Kolide seems to require it
GROUP BY ea.key
HAVING total_size > (100*1024*1024) OR num_exports > 2
HAVING total_size > (100*1024*1024) OR num_exports > 1