Thanks for my first PR into osquery first into an open sourc

Question

Thanks for my first PR into osquery first into an open source project in general actually Even though it was a tiny thing and fairly inconsequential

alessandrogario · Answer

I think it s great that we are getting PRs on the query packs smile Your changes are really useful I wish we had more people like you helping out on this front

Ben Montour · Answer

I can continue to update those as I find useful data for them My programming skills are weak but I can write queries without issue It seems a lot of them haven t been updated in a while so I can go through and start to refresh some of them that need it I like them because they help out the community as a whole installed on all clients by default slightly smiling face

alessandrogario · Answer

I am terrible at writing queries but decent at C++ this is why I never contribute to the query packs because I can only make them worse neutral face

alessandrogario · Answer

But I can see they have been neglected for a while disappointed

Ben Montour · Answer

well we can all play to our strengths then

Ben Montour · Answer

I m not sure how prevalent osquery is in healthcare environments but I was thinking last night about ways to monitor for UNC1878 indicators Not sure how useful that would be or not

Ben Montour · Answer

based on all the warnings and guidance that was released yesterday

Ben Montour · Answer

I don t know how useful that would be though since by the time osquery see s it it s already on their machine s or network

alessandrogario · Answer

I don t have data on it either but detection is always good I think

Ben Montour · Answer

Ben Montour · Answer

IoCs for UNC1878