osquery-defense-kit/unexpected-gatekeeper-approvals.sql at c6797e34965409eaffaf0060ae042a22c9af35a2 - osquery-defense-kit - RedXen Git

RepoMirrors/osquery-defense-kit

mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2024-12-13 09:34:34 +00:00

Thomas Stromberg c6797e3496

Reorganize paths, tune queries a bit

2022-09-09 12:51:52 -04:00

5 lines

163 B

SQL

Raw Blame History

 -- -- https://posts.specterops.io/hunting-for-bad-apples-part-2-6f2d01b1f7d3
 SELECT * FROM gatekeeper_approved_apps
 WHERE
 path NOT LIKE "/Users/%/code/bin/protoc"