JanRC
10/21/2022, 10:24 AM
wennan.he
10/21/2022, 7:18 PM
Tyson Supasatit
10/21/2022, 10:04 PM
wennan.he
10/24/2022, 7:26 AM
wennan.he
10/24/2022, 6:24 PM
Gregory Storme
10/25/2022, 11:28 AM
{"component":"http","err":": Authentication required","internal":"authentication error: invalid orbit node key","level":"info","path":"/api/fleet/orbit/config"
slevchenko
10/26/2022, 12:25 PM
slevchenko
10/26/2022, 12:35 PM
Daniel Cross
10/27/2022, 4:26 AM
Change detection solutions, such as file integrity monitoring (FIM) tools, control changes, additions, and deletions of critical files and notify authorized personnel when these changes are detected.
Not so sure about 11.4, might need some work on our network level to meet that one 🤔
Keen to hear people's experience (no sales pitches at this stage pls)
Karthick
10/27/2022, 11:21 AM
wennan.he
10/27/2022, 6:36 PM
namali
10/27/2022, 6:39 PM
Brandon Mesa
10/27/2022, 6:56 PM
sudo /opt/osquery/lib/osquery.app/Contents/MacOS/osqueryd --config_path=/var/osquery/osquery.conf --disable_events=false --disable_endpointsecurity=false --enable_file_events=true
Password:
E1027 14:51:56.195858 -267033344 shutdown.cpp:79] Cannot activate filesystem logger plugin: Could not create file: /var/log/osquery/osqueryd.results.log
E1027 14:51:59.188417 1806135296 shutdown.cpp:79] Worker returned exit status
Brandon Mesa
10/27/2022, 7:40 PM
-> % tail -f /var/log/osquery/osqueryd.INFO
Log file created at: 2022/10/27 15:14:11
Running on machine: Brandons-MacBook-Pro-2.local
Running duration (h:mm:ss): 0:00:00
Log line format: [IWEF]yyyymmdd hh:mm:ss.uuuuuu threadid file:line] msg
I1027 15:14:11.117659 -267033344 eventfactory.cpp:156] Event publisher not enabled: endpointsecurity: EndpointSecurity client lacks user TCC permissions
Brandon Mesa
10/27/2022, 7:41 PM
EndpointSecurity client lacks user TCC permissions ?
Adam Kuncewitch
10/29/2022, 4:24 AM
Mystery Incorporated
10/30/2022, 12:03 AM
Mystery Incorporated
10/30/2022, 12:09 AM
alessandrogario
alessandrogario
Gavin
10/30/2022, 2:32 PM
Winlogbeat & Filebeat, the whole Beats ecosystem, is a nice use case as to why large monolithic data collectors and agents are overall not what the industry wants or needs.
HarlanF
11/01/2022, 12:11 AM
seph
Brandon Mesa
11/01/2022, 6:45 PM
Jason Roberts
11/02/2022, 12:26 AM
Patrick
11/02/2022, 12:06 PM
Hugh (Zercurity)
11/02/2022, 12:17 PM
defensivedepth
11/02/2022, 7:11 PM
peanut butter
11/02/2022, 7:36 PM
K
11/02/2022, 9:53 PM
data
for this query:
SELECT l.port, group_concat(DISTINCT l.port) AS 'data'
FROM listening_ports AS l
WHERE l.address != "127.0.0.1"
I also see only one port, expected 2 ports