Our great sponsors
-
We had a close call with malvertising ourselves, so we wrote an osquery query to alert on .dmg/.iso/.pkg downloads from unknown sources:
https://github.com/chainguard-dev/osquery-defense-kit/blob/m...
This query should not be your only line of defense, but can provide an early heads up before the package is opened. You can deploy this query with Kolide, as it uses osquery under the hood.
It was once possible to have a query like this that worked on Linux using the user.xdg.origin.url extended file attribute, but Chromium dropped support for it in 2019 for privacy reasons: https://chromium.googlesource.com/chromium/src/+/a9b4fb70b43...
-
We had a close call with malvertising ourselves, so we wrote an osquery query to alert on .dmg/.iso/.pkg downloads from unknown sources:
https://github.com/chainguard-dev/osquery-defense-kit/blob/m...
This query should not be your only line of defense, but can provide an early heads up before the package is opened. You can deploy this query with Kolide, as it uses osquery under the hood.
It was once possible to have a query like this that worked on Linux using the user.xdg.origin.url extended file attribute, but Chromium dropped support for it in 2019 for privacy reasons: https://chromium.googlesource.com/chromium/src/+/a9b4fb70b43...
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
Related posts
- Agent event queue is flooded. Check the agent configuration
- Microsoft recommend Sysmon and EDR
- 0x4D31/awesome-threat-detection: A curated list of awesome threat detection and hunting resources
- invintory for linux.
- GitHub - 0x4D31/awesome-threat-detection: A curated list of awesome threat detection and hunting resources