Hey all! Anyone have a good collection of queries ...
# fleet
r
Hey all! Anyone have a good collection of queries that you can recommend? I've added the standard collection from Fleet, but I was just wondering if anyone has a good recommendation? We're doing a small test using Fleet on a small subset of production Macs soon, so I want to get a good set of common queries imported.
m
Hi Rupert - here's a couple of sets for you - the Palantir one looks like it will be easier to ingest since they are already in YAML format for easy importing - the osquery-defense-kit doesn't have that, unless I missed it somehow: https://github.com/chainguard-dev/osquery-defense-kit https://github.com/palantir/osquery-configuration/tree/master/Fleet
t
It's not organised, but there are quite a few buried in this star listing: https://github.com/stars/toliver38/lists/detection-content The Palantir set is a good one. https://github.com/whichbuffer/eiq-community-exchange - old, but includes some of the Palantir queries.