#general
seek3r

11/29/2018, 1:43 PM
Do you have some sort of roadmap on when this code will be added and a release will be generated?
groob

11/29/2018, 1:50 PM
Rough estimate based on current code freeze/reworking of build system. January 2019. But cc @thor who’s working on the PR. Looks like some really nice changes indeed 😃
seek3r

11/29/2018, 2:01 PM
Thanks, yeah, I initially found some issues where some processes did not show the image or directory
2:02 PM
and then I was pointed to that PR
2:02 PM
So hopefully those enhancements allow us to do deeper hunting 🙂
thor

11/29/2018, 3:23 PM
Yeah that PR is pretty high pri for us also, once the PR freeze ends it’ll get landed 😃
3:23 PM
We are still working on the windows build with buck I believe, so holding off on Windows changes for a bit?
seek3r

11/29/2018, 3:31 PM
Sure thing, @thor. Since I'm working on threat hunting, we are building some queries that allow us to determine if legit processes are running outside of their directory (aka process impersonation), but we can also check if more than one instance is running, so that should cover our use cases.
thor

11/29/2018, 4:11 PM
Ah cool! That sounds pretty neat! Any chance you’ll be able to open source those queries?
钢铁侠

12/02/2018, 3:15 AM
We also use osquery for incident response and intrusion detection, so I am paying attention to osquery's development. Maybe we can communicate with each other @seek3r
seek3r

12/03/2018, 5:55 PM
Sure thing, we can open source some of them. At the moment, the idea is to map them to MITRE ATT&CK so we can have a standard way to exchange information.
5:55 PM
We also need to keep an eye on performance.
5:55 PM
Sounds like a plan @钢铁侠