Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
a
AoS
10/23/2019, 12:03 PMChecking network traffic at night, checking hashes for known processes running, looking for suspicious processes, registry indicators... these are all basic thing that can be very easily adjusted to each individual environment
f
FG
10/23/2019, 1:09 PMif you just want generic stuff i’d recommend https://github.com/hunters-forge/ThreatHunter-Playbook
many of the windows sysmon examples can be translated to osquery
t
Tim F.
10/24/2019, 7:36 PM@AoS did you look into the playbook? I am curious to learn what you've implemented. I'm trying to inventory production use cases.
j
Jams
10/26/2019, 4:53 AMIs there a Linux Threat hunting playbook? Or a dataset of Linux-specific malware similar to … https://github.com/endgameinc/ember
f
FG
10/26/2019, 11:54 AMI’ve developed many custom/internal things but nothing public afaik.