slevchenko
11/14/2022, 2:11 PM
seph
alessandrogario
seph
Last quick question. Do you know if there’s any way to route osquery logs to unix socket without writing your own logger plugin?
Not sure. Does it work if you point the logger path at the socket, or is it fussy about it not being a plain file? Otherwise, probably plugin territory. Wouldn’t be a hard one though
slevchenko
11/15/2022, 3:43 PM
seph
Would there be any issue from the TSC regarding in-core DNS monitoring functionality?
I mean, what do you think? 😄 My initial feeling is that it might be okay, but we should think about how to disable it. The biggest issue with that old ja3 plugin was that it felt insolvably insecure, not that we were opposed theoretically.