Channels
#general
Title
# general
b
Ben Montour
10/28/2020, 10:42 AMThanks for my first PR into osquery, first into an open source project in general actually. Even though it was a tiny thing and fairly inconsequential.
🎉 8
🍻 1
🦜 2
👍 1
a
alessandrogario
10/29/2020, 1:47 PM
I think it's great that we are getting PRs on the query packs! 😄 Your changes are really useful, I wish we had more people like you helping out on this front!
b
Ben Montour
10/29/2020, 1:52 PMI can continue to update those as I find useful data for them. My programming skills are weak, but I can write queries without issue. It seems a lot of them haven't been updated in a while, so I can go through and start to refresh some of them that need it. I like them because they help out the community as a whole, installed on all clients by default. 🙂
❤️ 2
a
alessandrogario
10/29/2020, 1:58 PM
I am terrible at writing queries, but decent at C++; this is why I never contribute to the query packs because I can only make them worse 😐
But I can see they have been neglected for a while 😞
b
Ben Montour
10/29/2020, 1:59 PMwell we can all play to our strengths then!
💯 1
I'm not sure how prevalent osquery is in healthcare environments, but I was thinking last night about ways to monitor for UNC1878 indicators. Not sure how useful that would be or not
based on all the warnings and guidance that was released yesterday
I don't know how useful that would be though, since by the time osquery see's it, it's already on their machine/s or network
a
alessandrogario
10/29/2020, 2:12 PM
I don't have data on it either, but detection is always good I think!
b
Ben Montour
10/29/2020, 2:13 PMIoCs for UNC1878
2 Views