osquery-defense-kit

History

Thomas Stromberg d8e91bac63 Add missing files		2022-10-19 16:56:43 -04:00
..
README.md	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
alf.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
alf_exceptions_macos.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
alf_explicit_auths_macos.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
alf_services.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
app_schemes.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
apps.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
block_devices.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
crontab.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
disk_encryption.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
dns_resolvers.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
docker_containers.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
docker_image_history.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
etc_hosts.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
event_taps_macos.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
gatekeeper_macos.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
ip_forwarding.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
iptables.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
kernel_modules_linux.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
kextstat_macos.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
last.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
launchd_macos.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
listening_ports.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
logged_in_users.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
loginwindow1.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
loginwindow2.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
loginwindow3.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
loginwindow4.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
mounts.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
open_files.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
open_sockets.sql	Add missing files	2022-10-19 16:56:43 -04:00
process_env.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
process_events.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
process_memory_map.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
processes.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
recent_items_macos.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
sandboxes_macos.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
shell_history.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
startup_items.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
suid_bin.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
systemd_units.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
users.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
wireless_networks_macos.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00
xprotect_reports.sql	Finish out the incident_response refactor	2022-10-19 16:19:53 -04:00

README.md

The incident_response queries originate from the upstream osquery project:

https://github.com/osquery/osquery/blob/master/packs/incident-response.conf

Additional tables have been added and the intervals have been modified.