slevchenko
11/14/2022, 9:57 AM
alessandrogario
11/14/2022, 12:57 PM
slevchenko
11/14/2022, 1:00 PM
alessandrogario
11/14/2022, 1:22 PM
slevchenko
11/14/2022, 1:24 PM
alessandrogario
11/14/2022, 1:24 PM
slevchenko
11/14/2022, 1:24 PM
alessandrogario
11/14/2022, 1:25 PM
slevchenko
11/14/2022, 1:25 PM
alessandrogario
11/14/2022, 1:26 PM
slevchenko
11/14/2022, 1:26 PM
alessandrogario
11/14/2022, 1:29 PM
slevchenko
11/14/2022, 1:30 PM
alessandrogario
11/14/2022, 1:31 PM
slevchenko
11/14/2022, 1:32 PM
alessandrogario
11/14/2022, 1:37 PM
slevchenko
11/14/2022, 1:42 PM
alessandrogario
11/14/2022, 1:47 PM
slevchenko
11/14/2022, 1:48 PM
alessandrogario
11/14/2022, 1:48 PM
slevchenko
11/14/2022, 1:50 PM
alessandrogario
11/14/2022, 1:50 PM
slevchenko
11/14/2022, 1:53 PM
alessandrogario
11/14/2022, 1:53 PM
slevchenko
11/14/2022, 1:53 PM
alessandrogario
11/14/2022, 1:54 PM
slevchenko
11/14/2022, 1:57 PM
alessandrogario
11/14/2022, 2:00 PM
slevchenko
11/14/2022, 2:00 PM
alessandrogario
11/14/2022, 2:01 PM
slevchenko
11/14/2022, 2:03 PM
alessandrogario
11/14/2022, 2:10 PM
slevchenko
11/14/2022, 2:11 PM
seph
11/15/2022, 3:41 PM
alessandrogario
11/15/2022, 3:41 PM
seph
11/15/2022, 3:42 PM
Last quick question. Do you know if there's any way to route osquery logs to unix socket without writing your own logger plugin?
Not sure. Does it work if you point the logger path at the socket, or is it fussy about it not being a plain file? Otherwise, probably plugin territory. Wouldn't be a hard one though
slevchenko
11/15/2022, 3:43 PM
seph
11/15/2022, 3:43 PM
Would there be any issue from the TSC regarding in-core DNS monitoring functionality?
I mean, what do you think? 😄 My initial feeling is that it might be okay, but we should think about how to disable it. The biggest issue with that old ja3 plugin was that it felt insolvably insecure, not that we were opposed theoretically.
slevchenko
11/15/2022, 3:45 PM
alessandrogario
11/15/2022, 4:53 PM