{
"osquery_config": "{\n \"options\": {\n \"logger_plugin\": \"windows_event_log\"\n },\n \"schedule\": {\n \"system_info\": {\n \"query\": \"SELECT hostname, cpu_brand, physical_memory FROM system_info;\",\n \"interval\": 3600\n }\n },\n\n \"decorators\": {\n \"load\": [\n \"SELECT uuid AS host_uuid FROM system_info;\",\n \"SELECT user AS username FROM logged_in_users ORDER BY time DESC LIMIT 1;\"\n ]\n },\n\n // Add default osquery packs or install your own.\n //\n // There are several 'default' packs installed via\n // packages and/or Homebrew.\n //\n // Linux: /opt/osquery/share/osquery/packs\n // OS X: /var/osquery/packs\n // Homebrew: /usr/local/share/osquery/packs\n // make install: {PREFIX}/share/osquery/packs\n //\n \"packs\": {\n // \"osquery-monitoring\": \"/opt/osquery/share/osquery/packs/osquery-monitoring.conf\",\n // \"incident-response\": \"/opt/osquery/share/osquery/packs/incident-response.conf\",\n // \"it-compliance\": \"/opt/osquery/share/osquery/packs/it-compliance.conf\",\n // \"osx-attacks\": \"/var/osquery/packs/osx-attacks.conf\",\n // \"vuln-management\": \"/opt/osquery/share/osquery/packs/vuln-management.conf\",\n // \"hardware-monitoring\": \"/opt/osquery/share/osquery/packs/hardware-monitoring.conf\",\n // \"ossec-rootkit\": \"/opt/osquery/share/osquery/packs/ossec-rootkit.conf\",\n // \"windows-hardening\": \"C:\\\\Program Files\\\\osquery\\\\packs\\\\windows-hardening.conf\",\n // \"windows-attacks\": \"C:\\\\Program Files\\\\osquery\\\\packs\\\\windows-attacks.conf\"\n },\n\n // Provides feature vectors for osquery to leverage in simple statistical \n // analysis of results data. \n //\n // Currently this configuration is only used by Windows in the Powershell\n // Events table, wherein character_frequencies is a list of doubles \n // representing the aggregate occurrence of character values in Powershell \n // Scripts. 
A default configuration is provided which was adapated from \n // Lee Holmes cobbr project: \n // https://gist.github.com/cobbr/acbe5cc7a186726d4e309070187beee6\n // \n \"feature_vectors\": {\n \"character_frequencies\": [\n 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,\n 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,\n 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,\n 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,\n 0.0, 0.0, 0.0, 0.0, 0.0, 0.00045, 0.01798,\n 0.0, 0.03111, 0.00063, 0.00027, 0.0, 0.01336, 0.0133,\n 0.00128, 0.0027, 0.00655, 0.01932, 0.01917, 0.00432, 0.0045,\n 0.00316, 0.00245, 0.00133, 0.001029, 0.00114, 0.000869, 0.00067,\n 0.000759, 0.00061, 0.00483, 0.0023, 0.00185, 0.01342, 0.00196,\n 0.00035, 0.00092, 0.027875, 0.007465, 0.016265, 0.013995, 0.0490895,\n 0.00848, 0.00771, 0.00737, 0.025615, 0.001725, 0.002265, 0.017875,\n 0.016005, 0.02533, 0.025295, 0.014375, 0.00109, 0.02732, 0.02658,\n 0.037355, 0.011575, 0.00451, 0.005865, 0.003255, 0.005965, 0.00077,\n 0.00621, 0.00222, 0.0062, 0.0, 0.00538, 0.00122, 0.027875,\n 0.007465, 0.016265, 0.013995, 0.0490895, 0.00848, 0.00771, 0.00737,\n 0.025615, 0.001725, 0.002265, 0.017875, 0.016005, 0.02533, 0.025295,\n 0.014375, 0.00109, 0.02732, 0.02658, 0.037355, 0.011575, 0.00451,\n 0.005865, 0.003255, 0.005965, 0.00077, 0.00771, 0.002379, 0.00766,\n 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,\n 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,\n 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,\n 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,\n 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,\n 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,\n 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,\n 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,\n 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,\n 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,\n 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,\n 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,\n 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,\n 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,\n 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,\n 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,\n 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,\n 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0,\n 0.0, 0.0, 0.0\n ]\n } \n}\n",
"replace_current_osquery_config": true
} |