mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-10 11:12:51 +01:00
29 lines
944 B
YAML
29 lines
944 B
YAML
apiVersion: v1
|
|
kind: query
|
|
spec:
|
|
name: users
|
|
description: Users on the system
|
|
query: select * from users;
|
|
---
|
|
apiVersion: v1
|
|
kind: query
|
|
spec:
|
|
name: chrome-extensions
|
|
description: Chrome extensions for all users on the system
|
|
query: select users.username,chrome_extensions.*,chrome_extensions.path from users cross join chrome_extensions using (uid) where identifier not in ('aapocclcgogkmnckokdopfmhonfmgoek', 'aohghmighlieiainnegkcijnfilokake', 'apdfllckaahabafndbhieahigkjlhalf','felcaaldnbdncclmgdcncolpebgiejap','pjkljhegncpnkpknbcohdijeoejaedia','pkedcjkdefgpdelpbcmbmeomcjbeemfm','blpcfgokakmgnkcojhhkbfbldkacnbeo','ghbmnnjooekpmoecnnnilnnbdlolhkhi','nmmhkkegccagdldgiimedpiccmgmieda');
|
|
---
|
|
apiVersion: v1
|
|
kind: pack
|
|
spec:
|
|
name: examples
|
|
targets:
|
|
labels:
|
|
- All Hosts
|
|
queries:
|
|
- query: users
|
|
interval: 180
|
|
removed: false
|
|
- query: chrome-extensions
|
|
interval: 180
|
|
removed: false
|