Cisco Orbital - Osquery queries by Talos

License: Unknown (LICENSE.md), GPL-2.0 (LICENSE-GPL-2.0)
demonduck/osquery_queries

32 Commits
Cisco Talos Osquery queries

These queries are distributed in the hope that they will be useful, but WITHOUT ANY WARRANTY.

NOTE: This repository is still under construction.

About this Repository

This repository contains Osquery packs that query for malware- and threat-related indicators of compromise (IoCs).

This project's goal is to provide Osquery packs that reflect the current threat landscape.

Repository Layout

All packs reside under the packs directory. Each pack is a .conf file in osquery's JSON pack format, named to indicate the platform it targets and the type of queries it contains.

Current packs available:

  • win_malware.conf

Using This Repository

It is recommended to run these queries/configurations in an isolated or lab environment before deploying.

Each query defaults to an interval of 24 hours (86400 seconds). To change how often a query runs, edit the "interval" value under that query in the pack file.
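The following is an added example, not code from this repository or from Talos, showing what a pack file in osquery's JSON pack format looks like and how to validate it and retune its "interval" values before a lab run. The pack text, query names and SQL in SAMPLE_PACK are constructed placeholders standing in for a pack such as win_malware.conf; the helper names (load_pack, retune, and so on) are this example's own.

```python
"""Load, validate and retune an osquery query pack (.conf, JSON) before deployment."""
import json
from copy import deepcopy
from typing import Dict, Iterable, List, Optional

DEFAULT_INTERVAL = 86400  # the README's default: one run every 24 hours

# Constructed sample pack in osquery's JSON pack format. The query names and
# SQL are hypothetical placeholders for a Windows malware pack; they are not
# the project's own queries.
SAMPLE_PACK = r'''
{
  "platform": "windows",
  "queries": {
    "run_key_from_temp": {
      "query": "SELECT name, path, data FROM registry WHERE key LIKE 'HKEY_USERS\\%\\Software\\Microsoft\\Windows\\CurrentVersion\\Run' AND data LIKE '%\\Temp\\%';",
      "interval": 86400,
      "description": "Constructed example: Run-key values that launch from a Temp directory.",
      "platform": "windows"
    },
    "service_from_appdata": {
      "query": "SELECT name, path, start_type FROM services WHERE path LIKE '%\\AppData\\%';",
      "interval": 86400,
      "description": "Constructed example: services whose binary lives under AppData."
    }
  }
}
'''


def _is_positive_int(value) -> bool:
    # bool is a subclass of int, so exclude it explicitly
    return isinstance(value, int) and not isinstance(value, bool) and value > 0


def validate_pack(pack: dict) -> List[str]:
    """Return a list of problems; an empty list means the pack looks deployable."""
    problems: List[str] = []
    queries = pack.get("queries")
    if not isinstance(queries, dict) or not queries:
        return ["pack has no non-empty 'queries' object"]
    for name, spec in queries.items():
        if not isinstance(spec, dict):
            problems.append(f"{name}: entry is not an object")
            continue
        sql = spec.get("query")
        if not isinstance(sql, str) or not sql.strip():
            problems.append(f"{name}: missing or empty 'query'")
        if not _is_positive_int(spec.get("interval")):
            problems.append(f"{name}: 'interval' must be a positive integer (seconds)")
    return problems


def load_pack(text: str) -> dict:
    """Parse a pack file's JSON and refuse it if validate_pack finds problems."""
    pack = json.loads(text)
    problems = validate_pack(pack)
    if problems:
        raise ValueError("; ".join(problems))
    return pack


def query_intervals(pack: dict) -> Dict[str, int]:
    """Map each query name to its scheduled interval in seconds."""
    return {name: spec["interval"] for name, spec in pack["queries"].items()}


def retune(pack: dict, interval: int, names: Optional[Iterable[str]] = None) -> dict:
    """Return a copy of the pack with 'interval' set on the named queries (all if None)."""
    if not _is_positive_int(interval):
        raise ValueError("interval must be a positive number of seconds")
    tuned = deepcopy(pack)  # never mutate the pack as shipped
    targets = set(tuned["queries"]) if names is None else set(names)
    unknown = targets - set(tuned["queries"])
    if unknown:
        raise KeyError(f"unknown queries: {sorted(unknown)}")
    for name in targets:
        tuned["queries"][name]["interval"] = interval
    return tuned


def to_conf(pack: dict) -> str:
    """Serialise a pack back to the JSON text osquery reads from a .conf file."""
    return json.dumps(pack, indent=2) + "\n"


if __name__ == "__main__":
    shipped = load_pack(SAMPLE_PACK)
    print("intervals as shipped:", query_intervals(shipped))
    lab = retune(shipped, 600)  # every 10 minutes for a short lab soak test
    print(to_conf(lab))
```

Write the retuned text to a file under packs and reference it from the osqueryd configuration's "packs" object (a mapping from pack name to file path) to schedule it; osqueryi can also run a pack's queries once with its --pack flag against a config that references the file, which is the convenient way to try the queries in a lab before any fleet-wide rollout.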
