Merge pull request #195 from tstromberg/rootkit-detection

incident response: Add dump of /dev files
This commit is contained in:
Thomas Strömberg 2023-02-23 17:11:10 -05:00 committed by GitHub
commit 6eff54d7f3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 0 deletions


@ -0,0 +1,8 @@
-- Returns a list of file information from /dev (non-hidden only)
--
-- tags: postmortem
-- platform: posix
SELECT *
FROM file
JOIN hash ON file.path = hash.path
WHERE file.path LIKE "/dev/%%";
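Review bot: The path pattern in the `WHERE` clause is double-quoted, `"/dev/%%"`; in SQLite-based engines a double-quoted token is parsed as an identifier first and only falls back to a string literal, so it should be the single-quoted `'/dev/%%'`. The `JOIN` on `hash` also makes the engine read the content of every entry the pattern matches, and `/dev/%%` matches device nodes as well as regular files; unless the `hash` table is known to skip non-regular files, adding `AND file.type = 'regular'` avoids reading from special devices that never return EOF and keeps the result focused on the regular files a rootkit would leave in `/dev`. The header's "(non-hidden only)" claim is not enforced by any predicate in the query; if it relies on the file table's wildcard semantics, the comment should say so, e.g. `-- (relies on the % wildcard not matching dot-prefixed entries)`, otherwise drop the claim. Finally, `SELECT *` on this two-table join yields two columns named `path`; an explicit list such as `file.path, file.type, file.mode, hash.sha256` makes the output stable for downstream parsing.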