Eoin Miller
10/24/2019, 2:28 AM
osqueryi --config_path /var/osquery/osquery.conf --pack incident-response --json
Eighth query in the incident-response pack:
"alf": {
"query" : "select * from alf;",
...
"description" : "Retrieves the configuration values for the Application Layer Firewall for OSX.",
"value" : "Verify firewall settings are as restrictive as you need. Identify unwanted firewall holes made by malware or humans"
},
First output:
[ {"allow_signed_enabled":"1","firewall_unload":"0","global_state":"0","logging_enabled":"1","logging_option":"0","stealth_enabled":"0","version":"1.6"}
]
Jams
10/26/2019, 4:57 AM