Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Develop an Ansible Role that queries Linux using osquery #6

Open
robellegate opened this issue Nov 6, 2019 · 0 comments
Open

Develop an Ansible Role that queries Linux using osquery #6

robellegate opened this issue Nov 6, 2019 · 0 comments
Assignees
@robellegate

Comments

@robellegate
Copy link
Contributor

  1. Querying basic host information including:
    1. Host name and Domain (if applicable) info
    2. OS and OS Patch level
    3. IP information
    4. List of local users
  2. Querying installed software including:
    1. Installed server components
      1. AD, IIS, etc.
    2. Querying installed application software
    3. Querying software to be run on boot
  3. Query information that may be useful for incident response
    1. Recent user logons
      1. May make your own assumptions about “recent”
    2. Running processes
      1. Include: The process ID, the process name, the user id, the parent process id, and the path to the process’ binary
    3. Suspicious (other than 80,443) outbound connections
@robellegate robellegate self-assigned this Nov 12, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@robellegate robellegate

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@robellegate