gist/osquery
marius 25e1aa4d73 adding osquery file set 2023-04-24 17:07:07 +02:00
Readme.txt adding osquery file set 2023-04-24 17:07:07 +02:00
configure_osquery.yaml adding osquery file set 2023-04-24 17:07:07 +02:00
install_osquery.yaml adding osquery file set 2023-04-24 17:07:07 +02:00
osquery.conf adding osquery file set 2023-04-24 17:07:07 +02:00
osquery.flags adding osquery file set 2023-04-24 17:07:07 +02:00
run.sh adding osquery file set 2023-04-24 17:07:07 +02:00

Readme.txt

This is a lab file set that makes osquery do the following:

* detect hidden files and processes
* report new cron jobs
* ... cover the parts of the ATT&CK matrix that make sense for the lab
  * detection engineering
* log the results as JSON
* logrotate management