Hello everyone! is there a way to query openBSM Au...
# general
Brandon Mesa
02/22/2023, 5:23 PM
Hello everyone! Is there a way to query openBSM Audit logs with osquery? I would like to see file access activity (read/open) as well as group management activity (create/delete/etc)
zwass
02/22/2023, 6:43 PM
Maybe the `user_events` table gives you the group management? On Linux there is also https://osquery.readthedocs.io/en/stable/deployment/file-integrity-monitoring/#file-accesses-linux-only but it doesn't use openBSM.