@JosephGregg
Created May 8, 2016 13:13
{
"options": {
"config_plugin": "filesystem",
"debug": "true",
"host_identifier": "LAPTOP",
"log_result_events": "true",
"logger_plugin": "filesystem",
"schedule_splay_percent": "10",
"verbose_debug": "true",
"verbose": "true",
"events_expiry": "3600",
"worker_threads": "4"
},
"schedule": {
"macos_kextstat": {
"interval": 10,
"name": "kextstat query",
"query": "SELECT * FROM kernel_extensions;"
},
"changing_usb": {
"interval": 30,
"name": "changing_usb",
"query": "SELECT * FROM usb_devices;"
},
"system_info": {
"interval": 3600,
"name": "system_info",
"query": "SELECT hostname, cpu_brand, physical_memory FROM system_info;"
},
"crontab_query": {
"interval": 300,
"name": "crontab_query",
"query": "SELECT * FROM crontab;"
},
"listening_ports": {
"interval": 300,
"name": "listening_ports",
"query": "SELECT * FROM listening_ports;"
},
"startup_items": {
"interval": 300,
"name": "startup_items",
"query": "SELECT * FROM startup_items;"
},
"logged_in_users": {
"interval": 300,
"name": "logged_in_users",
"query": "SELECT * from logged_in_users;"
},
"installed_chrome_extensions": {
"interval": 300,
"name": "installed_chrome_extensions",
"query": "SELECT name,identifier,path,version,update_url from chrome_extensions;"
},
"hash_installed_apps": {
"interval": 3600,
"name": "hash_installed_apps",
"query": "SELECT hash.* from hash join apps where hash.path = printf('%s/Contents/MacOS/%s', apps.path, apps.bundle_executable);"
},
"file_events": {
"interval": 300,
"name": "file_events",
"removed": false,
"query": "SELECT * from file_events;"
},
"file_paths": {
"etc": [
"/etc/%%"
]
},
"packs": {
"osquery-monitoring": "/var/osquery/packs/osquery-monitoring.conf",
"incident-response": "/var/osquery/packs/incident-response.conf",
"it-compliance": "/var/osquery/packs/it-compliance.conf",
"osx-attacks": "/var/osquery/packs/osx-attacks.conf",
"vuln-management": "/var/osquery/packs/vuln-management.conf",
"hardware-monitoring": "/var/osquery/packs/hardware-monitoring.conf"
}
}
}