November 11, 2018November 11, 2018DefensiveDepthLeave a Comment

Tag osquery logs with ATT&CK IDs

Just a quick tip: Tag your osquery queries/logs with @MITREattack IDs like so: SELECT username,shell, ‘T1136’ AS attckID FROM users;

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Connecting to %s