groob

05/07/2018, 7:40 PM
a chrome_history table, huh

defensivedepth

05/08/2018, 1:06 AM
Did I miss something? Is this being proposed as a new table?

groob

05/08/2018, 1:27 AM
Nah it’s from the link right above from the spell folks

defensivedepth

05/08/2018, 1:39 AM
Thanks, I see it now....

spell - rajesh

05/08/2018, 6:46 AM
The tables are configurable. Data visibility from EDR platforms should not be available for misuse. Organizations have been deploying web proxy solutions with full visibility into per-user browsing.

OpenPlgx

05/08/2018, 7:57 AM
it was discussed earlier too... https://github.com/facebook/osquery/issues/1691

clippy

05/08/2018, 5:56 PM
@spell - rajesh personally I don't buy the "just because it's been done before makes it ok" argument, but again, it's just personal opinion. I hate web proxies for the exact same reason 🙂

Dennis

05/08/2018, 6:16 PM
The majority of customers we've talked to would be opposed to this table. The security value is minimal and the privacy concerns are immense. I mean, if you're going to inspect users' web traffic, then you might as well look at the entire HTTP request and not just the browser history. At least then you have data that can be applied for real security use-cases - with the same level of privacy degradation.

spell - rajesh

05/09/2018, 12:54 AM
Thanks. Taking note of how the community feels. Will talk internally about disabling some of these tables by default. In fact we have tables for all major browsers now. Since we come from a FireEye / Mandiant background we try to bring in what IR tools collect during triages.