osquery-defense-kit/socket_events.sql at 8237521d0d9bc01fd6475e7e97b39176b85de5a8 - osquery-defense-kit - RedXen Git

RepoMirrors/osquery-defense-kit

mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2024-12-18 03:54:30 +00:00

Thomas Stromberg 6aab8fdfb6

Add events and extra tags to relevant event-based queries

2024-09-24 15:36:03 -04:00

12 lines

184 B

SQL

Raw Blame History

 -- Return the list of socket events
 --
 -- tags: postmortem events extra
 -- platform: posix
 -- interval: 600
 SELECT
   *
 FROM
   socket_events
 WHERE
   time > (strftime('%s', 'now') -600)