| Current Path : /opt/osquery/share/osquery/packs/ |
Linux gator3171.hostgator.com 4.19.286-203.ELK.el7.x86_64 #1 SMP Wed Jun 14 04:33:55 CDT 2023 x86_64 |
| Current File : //opt/osquery/share/osquery/packs/it-compliance.conf |
{
"queries": {
"osquery_info": {
"query" : "select * from time, osquery_info;",
"interval" : "86400",
"version" : "1.4.5",
"description" : "Retrieves the current version of the running osquery in the target system and where the configuration was loaded from.",
"value" : "Identify if your infrastructure is running the correct osquery version and which hosts may have drifted"
},
"ad_config": {
"query" : "select * from ad_config;",
"interval" : "86400",
"platform" : "darwin",
"version" : "1.4.5",
"description" : "Retrieves the Active Directory configuration for the target machine, attached to the domain (requires sudo).",
"value" : "Helps you debug domain binding / Active Directory issues in your environment."
},
"kernel_info": {
"query" : "select * from kernel_info;",
"interval" : "86400",
"version" : "1.4.5",
"description" : "Retrieves information from the current kernel in the target system.",
"value" : "Identify out of date kernels or version drift across your infrastructure"
},
"os_version": {
"query" : "select * from os_version;",
"interval" : "86400",
"version" : "1.4.5",
"description" : "Retrieves information from the Operative System where osquery is currently running.",
"value" : "Identify out of date operating systems or version drift across your infrastructure"
},
"alf": {
"query" : "select * from alf;",
"interval" : "86400",
"platform" : "darwin",
"version" : "1.4.5",
"description" : "Retrieves the configuration values for the Application Layer Firewall for OSX.",
"value" : "Verify firewall settings are as expected"
},
"alf_exceptions": {
"query" : "select * from alf_exceptions;",
"interval" : "86400",
"platform" : "darwin",
"version" : "1.4.5",
"description" : "Retrieves the exceptions for the Application Layer Firewall in OSX.",
"value" : "Verify firewall settings are as expected"
},
"alf_services": {
"query" : "select * from alf_services;",
"interval" : "86400",
"platform" : "darwin",
"version" : "1.4.5",
"description" : "Retrieves the services for the Application Layer Firewall in OSX.",
"value" : "Verify firewall settings are as expected"
},
"alf_explicit_auths": {
"query" : "select * from alf_explicit_auths;",
"interval" : "86400",
"platform" : "darwin",
"version" : "1.4.5",
"description" : "Retrieves the list of processes with explicit authorization for the Application Layer Firewall.",
"value" : "Verify firewall settings are as expected"
},
"mounts": {
"query" : "select * from mounts;",
"interval" : "86400",
"version" : "1.4.5",
"description" : "Retrieves the current list of mounted drives in the target system.",
"value" : "Verify if mounts are accessible to those who need it"
},
"nfs_shares": {
"query" : "select * from nfs_shares;",
"interval" : "86400",
"platform" : "darwin",
"version" : "1.4.5",
"description" : "Retrieves the current list of Network File System mounted shares.",
"value" : "Verify if shares are accessible to those who need it"
},
"windows_shared_resources": {
"query" : "select * from shared_resources;",
"interval" : "86400",
"platform" : "windows",
"version" : "2.0.0",
"description" : "Retrieves the list of shared resources in the target Windows system.",
"value" : "General security posture."
},
"browser_plugins": {
"query" : "select * from users join browser_plugins using (uid);",
"interval" : "86400",
"platform" : "darwin",
"version" : "1.4.5",
"description" : "Retrieves the list of C/NPAPI browser plugins in the target system.",
"value" : "General security posture."
},
"safari_extensions": {
"query" : "select * from users join safari_extensions using (uid);",
"interval" : "86400",
"platform" : "darwin",
"version" : "1.4.5",
"description" : "Retrieves the list of extensions for Safari in the target system.",
"value" : "General security posture."
},
"chrome_extensions": {
"query" : "select * from users join chrome_extensions using (uid);",
"interval" : "86400",
"version" : "1.4.5",
"description" : "Retrieves the list of extensions for Chrome in the target system.",
"value" : "General security posture."
},
"firefox_addons": {
"query" : "select * from users join firefox_addons using (uid);",
"interval" : "86400",
"platform" : "darwin",
"version" : "1.4.5",
"description" : "Retrieves the list of addons for Firefox in the target system.",
"value" : "General security posture."
},
"homebrew_packages": {
"query" : "select * from homebrew_packages;",
"interval" : "86400",
"platform" : "darwin",
"version" : "1.4.5",
"description" : "Retrieves the list of brew packages installed in the target OSX system.",
"value" : "General security posture."
},
"windows_programs": {
"query" : "select * from programs;",
"interval" : "86400",
"platform" : "windows",
"version" : "2.0.0",
"description" : "Retrieves the list of products as they are installed by Windows Installer in the target Windows system.",
"value" : "General security posture."
},
"windows_patches": {
"query" : "select * from patches;",
"interval" : "86400",
"platform" : "windows",
"version" : "2.2.0",
"description" : "Retrieves all the information for the current windows drivers in the target Windows system."
},
"package_receipts": {
"query" : "select * from package_receipts;",
"interval" : "86400",
"platform" : "darwin",
"version" : "1.4.5",
"description" : "Retrieves all the PKG related information stored in OSX.",
"value" : "General security posture."
},
"usb_devices": {
"query" : "select * from usb_devices;",
"interval" : "86400",
"platform" : "posix",
"version" : "1.4.5",
"description" : "Retrieves the current list of USB devices in the target system.",
"value" : "General security posture."
},
"keychain_items": {
"query" : "select * from keychain_items;",
"interval" : "86400",
"platform" : "darwin",
"version" : "1.4.5",
"description" : "Retrieves all the items contained in the keychain in the target OSX system.",
"value" : "General security posture."
},
"deb_packages": {
"query" : "select * from deb_packages;",
"interval" : "86400",
"platform" : "ubuntu",
"version" : "1.4.5",
"description" : "Retrieves all the installed DEB packages in the target Linux system.",
"value" : "General security posture."
},
"apt_sources": {
"query" : "select * from apt_sources;",
"interval" : "86400",
"platform" : "ubuntu",
"version" : "1.4.5",
"description" : "Retrieves all the APT sources to install packages from in the target Linux system.",
"value" : "General security posture."
},
"portage_packages": {
"query" : "select * from portage_use;",
"interval" : "86400",
"platform" : "gentoo",
"version" : "2.0.0",
"description" : "Retrieves all the packages installed with portage from the target Linux system.",
"value" : "General security posture."
},
"kernel_modules": {
"query" : "select * from kernel_modules;",
"interval" : "86400",
"platform" : "linux",
"version" : "1.4.5",
"description" : "Retrieves the current list of loaded kernel modules in the target Linux system.",
"value" : "General security posture."
},
"windows_drivers": {
"query" : "select * from drivers;",
"interval" : "86400",
"platform" : "windows",
"version" : "2.2.0",
"description" : "Retrieves all the information for the current windows drivers in the target Windows system."
},
"rpm_packages": {
"query" : "select * from rpm_packages;",
"interval" : "86400",
"platform" : "linux",
"version" : "1.4.5",
"description" : "Retrieves all the installed RPM packages in the target Linux system.",
"value" : "General security posture."
},
"installed_applications": {
"query" : "select * from apps;",
"interval" : "86400",
"platform" : "darwin",
"version" : "1.4.5",
"description" : "Retrieves all the currently installed applications in the target OSX system.",
"value" : "Find currently installed applications and versions of each."
},
"disk_encryption": {
"query" : "select * from disk_encryption;",
"interval" : "86400",
"version" : "1.4.5",
"platform" : "posix",
"description" : "Retrieves the current disk encryption status for the target system.",
"value" : "Identifies a system potentially vulnerable to disk cloning."
},
"launchd": {
"query" : "select * from launchd;",
"interval" : "86400",
"platform" : "darwin",
"version" : "1.4.5",
"description" : "Retrieves all the daemons that will run in the start of the target OSX system.",
"value" : "Visibility on what starts in the system."
},
"iptables": {
"query" : "select * from iptables;",
"interval" : "86400",
"platform" : "linux",
"version" : "1.4.5",
"description" : "Retrieves the current filters and chains per filter in the target system.",
"value" : "General security posture."
},
"sip_config": {
"query" : "select * from sip_config;",
"interval" : "86400",
"platform" : "darwin",
"version" : "1.7.0",
"description" : "Retrieves the current System Integrity Protection configuration in the target system.",
"value" : "General security posture."
}
}
}