# vendor-feeds
Martin Rutkowski
05/13/2022, 8:39 AM
https://blogs.vmware.com/security/2022/05/leveling-up-with-osquery-answering-your-questions-with-vmware-carbon-black-cloud-audit-remediation.html
allister
05/13/2022, 9:44 AM
oooh, I like this regex-y one
https://carbonblack.vmware.com/blog/leveling-osquery-workloads-using-regular-expressions-regex-queries%C2%A0
💪 1
👍 1
Martin Rutkowski
06/09/2022, 11:28 AM
@allister
FYI:
https://blogs.vmware.com/security/2022/05/leveling-up-with-osquery-answering-your-questions-with-vmware-carbon-black-cloud-audit-remediation.html
Jon is doing a lot of stuff around this topic 🙂
• Leveling Up with osquery for Workloads blog series
• Leveling Up with osquery for Workloads: Identifying and Contextualizing Windows Logon Failures
• Leveling Up with osquery for Workloads: Locating local administrator accounts (windows)
• Leveling Up with osquery for Workloads: Determining Free Disk Space on Linux & macOS
• Leveling up with osquery for Workloads: Check for weak authentication types (LM/NTLM)