Created
August 15, 2020 18:33
-
-
Save defensivedepth/4bdcdaa29dca243267548539bb9b235b to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: options | |
| spec: | |
| config: | |
| decorators: | |
| always: | |
| - SELECT codename FROM os_version; | |
| - SELECT uuid AS live_query FROM system_info; | |
| - SELECT address AS endpoint_ip1 FROM interface_addresses where address not | |
| like '%:%' and address not like '127%' and address not like '169%' order by | |
| interface desc limit 1; | |
| - SELECT address AS endpoint_ip2 FROM interface_addresses where address not | |
| like '%:%' and address not like '127%' and address not like '169%' order by | |
| interface asc limit 1; | |
| - SELECT hardware_serial FROM system_info; | |
| - SELECT hostname AS hostname FROM system_info; | |
| options: | |
| decorations_top_level: true | |
| disable_distributed: false | |
| distributed_interval: 10 | |
| distributed_plugin: tls | |
| distributed_tls_max_attempts: 3 | |
| distributed_tls_read_endpoint: /api/v1/osquery/distributed/read | |
| distributed_tls_write_endpoint: /api/v1/osquery/distributed/write | |
| enable_windows_events_publisher: true | |
| enable_windows_events_subscriber: true | |
| logger_plugin: tls | |
| logger_tls_endpoint: /api/v1/osquery/log | |
| logger_tls_period: 10 | |
| pack_delimiter: _ | |
| overrides: {} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment