Thanks for my first PR into osquery, first into an...
# generalb
Ben Montour
10/28/2020, 10:42 AMThanks for my first PR into osquery, first into an open source project in general actually. Even though it was a tiny thing and fairly inconsequential.
🎉 8
🍻 1
🦜 2
👍 1
a
alessandrogario
10/29/2020, 1:47 PM
I think it's great that we are getting PRs on the query packs! 😄 Your changes are really useful, I wish we had more people like you helping out on this front!
b
Ben Montour
10/29/2020, 1:52 PMI can continue to update those as I find useful data for them. My programming skills are weak, but I can write queries without issue. It seems a lot of them haven't been updated in a while, so I can go through and start to refresh some of them that need it. I like them because they help out the community as a whole, installed on all clients by default. 🙂
❤️ 2
a
alessandrogario
10/29/2020, 1:58 PM
I am terrible at writing queries, but decent at C++; this is why I never contribute to the query packs because I can only make them worse 😐
alessandrogario
10/29/2020, 1:59 PM
But I can see they have been neglected for a while 😞
b
Ben Montour
10/29/2020, 1:59 PMwell we can all play to our strengths then!
💯 1
Ben Montour
10/29/2020, 2:06 PMI'm not sure how prevalent osquery is in healthcare environments, but I was thinking last night about ways to monitor for UNC1878 indicators. Not sure how useful that would be or not
Ben Montour
10/29/2020, 2:06 PMbased on all the warnings and guidance that was released yesterday
Ben Montour
10/29/2020, 2:09 PMI don't know how useful that would be though, since by the time osquery see's it, it's already on their machine/s or network
a
alessandrogario
10/29/2020, 2:12 PM
I don't have data on it either, but detection is always good I think!
b
Ben Montour
10/29/2020, 2:13 PMBen Montour
10/29/2020, 2:13 PMIoCs for UNC1878
2 Views