Dude, this is user browser history... I'm sorry i'...
# kolide
Dude, this is user browser history... I'm sorry i'm just not morally ok with helping you achieve that goal. What is your end goal? Perhaps there is a better way than enumerating websites people have visited in their browser.
Without a better source of logs at my disposal, this is how I was hoping to get a source of downloads for malicious files in the environment. Do you think there is a better way to achieve this with the tool?
Yes, check out ntfs_journal_events table and file integrity monitoring. You can monitor user default download folders for any downloads that way...and you can cross reference any hashes of those files later on if you need to.
https://blog.kolide.com/how-to-set-up-windows-file-integrity-monitoring-using-osquery-and-kolide-d5ac09db046b That is how to do it in our SaaS app but the basic premise is still there....
this is likely a better way to accomplish the end goal of looking for malicious downloads
Awesome, I will check this out and give it a shot. Thanks for getting back with me
macOS also has a FIM but the associated table is
if you need to do the same for Macs
this is likely better as well because it will capture all downloads no matter what browser they are coming from
you are welcome