osqtool issues

Results 2 osqtool issues

Sort by recently updated

Allow some sort of templating and/or file inclusion

Many queries contain false positives in certain environments. `osqtool` should offer a way to encode false positives specific to that environment, but allow a working query to be shared. One...

tstromberg

pack: "\n" in queries is converted to newlines, creating invalid JSON

This query isn't packing properly: https://github.com/chainguard-dev/osquery-defense-kit/blob/main/detection/persistence/suspicious-systemd-unit.sql Example output - look for `$blank`: ``` "suspicious-systemd-unit": { "query": "SELECT file.path, file.size, file.btime, file.ctime, file.mtime, hash.sha256, yara.* FROM file JOIN yara ON file.path...

tstromberg

osqtool
osqtool copied to clipboard

Metadata

Allow some sort of templating and/or file inclusion

pack: "\n" in queries is converted to newlines, creating invalid JSON

← Metadata

Owner

Metadata

osqtool osqtool copied to clipboard

Metadata

Allow some sort of templating and/or file inclusion

pack: "\n" in queries is converted to newlines, creating invalid JSON

← Metadata

Owner

Metadata

osqtool
osqtool copied to clipboard