CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-05-01 17:07:50 +02:00
Code Issues Packages Projects Releases Wiki Activity

osquery updates and fixes

Browse Source
This commit is contained in:
Josh Brower
2020-04-02 08:28:22 -04:00
parent fd2b35dd21
commit 1ca290c766
12 changed files with 189 additions and 160 deletions
Download Patch File Download Diff File Expand all files Collapse all files
salt/fleet/files/packs/palantir/Fleet/Endpoints/options.yaml
+2 -11
View File
@@ -3,17 +3,9 @@ kind: options
spec:
config:
decorators:
always:
load:
- SELECT uuid AS host_uuid FROM system_info;
- SELECT hostname AS hostname FROM system_info;
- SELECT codename FROM os_version;
- SELECT uuid AS LiveQuery FROM system_info;
- SELECT address AS EndpointIP1 FROM interface_addresses where address not
like '%:%' and address not like '127%' and address not like '169%' order by
interface desc limit 1;
- SELECT address AS EndpointIP2 FROM interface_addresses where address not
like '%:%' and address not like '127%' and address not like '169%' order by
interface asc limit 1;
- SELECT hardware_serial FROM system_info;
file_paths:
binaries:
- /usr/bin/%%
@@ -29,7 +21,6 @@ spec:
efi:
- /System/Library/CoreServices/boot.efi
options:
decorations_top_level: true
disable_distributed: false
disable_tables: windows_events
distributed_interval: 10