osquery
Here are 63 public repositories matching this topic...
A repository for using osquery for incident detection and response
Updated Apr 6, 2020
I am looking for how to install and use PULSAR for FIM monitoring.
From the looks of it, the repo has been changed three times into what it is now, and it looks like this has gone to the standalone app called hubble, but I don't see any way to run, execute, or configure pulsar in hubble.
Here is the documentation; let me know which one I should be following for this.
#187 introduced a debug server, but documentation on how to use it is missing.
While trying to track down a memory leak in my extension, I found there is a race condition.
When running the example with the -race flag under go run, there is a race condition:
C:\Users..\go\src\test\osquery>go run -race main.go \.\pipe\osquery.em
WARNING: DATA RACE
Read at 0x00c0000c6960 by goroutine 10:
git.apache.org/thrift.git/lib/go/thrift.(*TStandardC
Should document how to run the tests.
I'm looking for documentation to install osctrl on Ubuntu directly [not using Docker].
DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
Updated Jul 2, 2020 - PowerShell
SIAC is an enterprise SIEM built on open-source technology.
Updated Oct 31, 2018
To switch between hosts you use the .connect command, which means that it issues the validation query to pull hosts from the remote machine again.
Ideally this shouldn't happen, as we already know what they are.
A community-oriented fork of osquery with support for cmake, public CI testing, and regular releases
Updated Jul 19, 2019 - CMake
A simple threat hunting tool based on osquery, Salt Open and Cymon API
Updated Jun 28, 2017 - Python
Simple Docker-based quickstart for osquery, Fleet, and ELK stack
Updated Feb 3, 2020
Apparently this can lead to many "/var/osquery/osquery.em.*" files and "address in use" errors on subsequent attempts. This may only happen if the script is terminated unexpectedly (not sure).
A starter-kit for a source-controlled, CLI-based osquery management workflow.
Updated Jun 1, 2018
Enable syslog
In order to properly enable the syslog pipe we need to add --enable_syslog to /etc/osquery/osquery.flags. The current behavior adds the rsyslog configuration, but the pipe is not being created by osqueryd on startup because --enable_syslog is not part of the startup flags.
For now I'm adding this to my wrapper to resolve it:
file '/etc/osquery/osquery.flags' do
content '--enable_syslog'
mod
Repository containing Jupyter Notebooks for working with OSQuery tables and data
Updated May 8, 2020 - HTML
I took screenshots of all the typo/grammar/capitalization issues I noticed during installation.
(screenshot attached: "screen shot 2017-09-01 at 1 21 07 pm")
Updated Sep 6, 2018 - Go
OSQuery GraphQL web service.
Updated Jul 30, 2017 - Python
Our MySQL database requires allowCleartextPasswords=1. Is it possible to add a flag to enable this, or maybe allow custom options to be passed to the DSN creation?
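The option pass-through the question above asks for, as an added Go example (not code from the project the question was filed against; that the project builds its DSN in Go is an assumption here): a hypothetical BuildMySQLDSN that assembles a go-sql-driver/mysql style DSN from fixed connection fields plus an arbitrary map of driver parameters. The security point it adds is that allowCleartextPasswords makes the client hand the password to the server as-is, so the helper refuses to emit it unless the same DSN also requests verified TLS (tls=true or a registered TLS config name); tls=preferred can be downgraded and tls=skip-verify accepts any certificate, so both still expose the password to an active attacker on the path. Percent-encoding of parameter values follows the driver's documented DSN parsing, which URL-unescapes each value.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strconv"
	"strings"
)

// isTrue accepts the same spellings strconv.ParseBool does ("1", "t", "true", ...),
// which is how boolean DSN parameters are interpreted by the driver.
func isTrue(v string) bool {
	b, err := strconv.ParseBool(v)
	return err == nil && b
}

// BuildMySQLDSN assembles
//   user:password@tcp(host)/dbname?key=value&...
// from fixed fields plus pass-through driver options in extra.
// Hypothetical helper: it refuses allowCleartextPasswords unless TLS with
// certificate verification is also requested in the same DSN.
func BuildMySQLDSN(user, password, host, dbname string, extra map[string]string) (string, error) {
	if user == "" || host == "" || dbname == "" {
		return "", errors.New("user, host and dbname are required")
	}
	params := url.Values{}
	for k, v := range extra {
		params.Set(k, v)
	}
	if isTrue(params.Get("allowCleartextPasswords")) {
		switch params.Get("tls") {
		case "", "false", "preferred", "skip-verify":
			// Cleartext auth sends the password unencrypted: only an
			// authenticated TLS channel keeps it off the wire in the clear.
			return "", errors.New("allowCleartextPasswords requires tls=true or a registered TLS config name; refusing to send the password in clear text")
		}
	}
	var b strings.Builder
	b.WriteString(user)
	if password != "" {
		b.WriteString(":")
		b.WriteString(password)
	}
	fmt.Fprintf(&b, "@tcp(%s)/%s", host, dbname)
	if len(params) > 0 {
		b.WriteString("?")
		b.WriteString(params.Encode()) // sorted keys, values percent-encoded
	}
	return b.String(), nil
}

func main() {
	dsn, err := BuildMySQLDSN("fleet", "s3cret", "db.internal:3306", "fleet",
		map[string]string{"allowCleartextPasswords": "1", "tls": "true"})
	if err != nil {
		fmt.Println("refused:", err)
		return
	}
	fmt.Println(dsn)
}
```

The same call with the tls key left out returns an error instead of a DSN, which is the behaviour a deployment flag for this option should have by default: the cleartext plugin can be enabled, but only together with a channel that protects the password.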