hi, is there any known issues related with osquery...
# macos
c
Hi, are there any known issues related to the osquery agent on macOS that could lead to false positives from the osx-attacks.conf library when enabled, since alerts have been randomly generated during the latest security updates from Apple during the last 45 days? Has anyone had similar issues?
k
Hi Cassio, sorry for the late reply. First of all, that pack file has a lot of queries. So, if you can be more specific with some names, we can try to help you. BUT if I recall correctly:
• Most of the queries in that pack are quite specific.
• A few false positives may be normal.
• I suggest you investigate deeply, unless you have done so already 🙂
Feel free to ping again.