Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Powered by
Title
b
Brandon Mesa
02/22/2023, 5:23 PM
Hello everyone! is there a way to query openBSM Audit logs with osquery? I would like to see file access activity (read/open) as well as group management activity (create/delete/etc)
z
zwass
02/22/2023, 6:43 PM
Maybe the
user_events
table gives you the group management? On Linux there is also
https://osquery.readthedocs.io/en/stable/deployment/file-integrity-monitoring/#file-accesses-linux-only
but it doesn't use openBSM.
7 Views
#general
Join Slack