RepoMirrors/osquery-defense-kit
1
0
Fork 0
mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2024-12-14 10:04:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
39e9aee6eb
osquery-defense-kit/detection/evasion/unexpected-kernel-extensions-macos.sql
Thomas Stromberg d2bdffe89e
Add support for interval tags
2022-10-14 14:19:13 -04:00

18 lines
291 B
SQL
Raw Blame History

-- Find unexpected 3rd-party kernel extensions
--
-- false positives:
-- * none known
--
-- platform: darwin
-- tags: persistent seldom kernel
SELECT
*
FROM
kernel_extensions
WHERE
path NOT LIKE '/System/Library/Extensions/%'
AND NOT (
idx = 0
AND name = '__kernel__'
);
Reference in New Issue View Git Blame Copy Permalink