#macos

Cassio

05/24/2023, 6:43 PM
hi, is there any known issue related to the osquery agent on macOS that could lead to false positives from the osx-attacks.conf library being enabled? Random alerts have been generated during the latest security updates from Apple over the last 45 days. Has anyone had similar issues?

Kiwito

05/29/2023, 9:42 PM
Hi Cassio, sorry for the late reply. First of all, that pack file has a lot of queries. So, if you can be more specific with some names, we can try to help you. BUT if I recall correctly:
• Most of the queries in that pack are quite specific.
• A few false positives may be normal.
• I suggest you investigate deeply, unless you have already done so 🙂
Feel free to ping again.