I hereby claim:
- I am defensivedepth on github.
- I am defensivedepth (https://keybase.io/defensivedepth) on keybase.
- I have a public key whose fingerprint is 490B F7E2 AF7A BF3B A50C 4099 71D6 3317 B0E3 C693
To claim this, I am signing this object:
# Place under /etc/logstash/custom, see here for more details:
# https://github.com/Security-Onion-Solutions/security-onion/wiki/Logstash
filter {
  if "osquery" in [tags] {
    # Parse the JSON in the message field into the osquery field
    json {
      source => message
      target => osquery
    }
  }
}
-- Joins the chrome_extensions and users tables; looks for the Mega Chrome extension identifier and a specific version number.
-- Also consider running without the version number, to find all users with the Mega extension installed and then get it removed before it updates.
SELECT users.username,
       chrome_extensions.name,
       chrome_extensions.version,
       chrome_extensions.path
FROM chrome_extensions
JOIN users ON users.uid = chrome_extensions.uid
WHERE chrome_extensions.identifier = 'bigefpfhnfcobdlfbedofhhaibnlghod'
  AND chrome_extensions.version = '3.39.4';