RepoMirrors/osquery-defense-kit
1
0
Fork 0
mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-02-09 14:06:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Raise bps limit, add exception for systemd

Browse Source
This commit is contained in:
Thomas Stromberg 2022-10-21 11:46:17 -04:00
parent ed6f37e11b
commit 515f51daa6
Failed to extract signature
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
detection/exfil/high_disk_bytes_read.sql
View File

@ -26,7 +26,7 @@ FROM
processes p
LEFT JOIN hash ON p.path = hash.path
WHERE
bytes_per_second > 2000000
bytes_per_second > 2500000
AND age > 180
AND p.path NOT LIKE '/Applications/%.app/Contents/%'
AND p.path NOT LIKE '/System/Library/%'
@ -45,6 +45,7 @@ WHERE
'launcher',
'LogiFacecamService',
'nautilus',
'systemd',
'nessusd',
'nix',
'osqueryd',