windows_browsere-extensions.conf
{
"platform": "windows",
"description": "ATT&CK: T1176",
"queries": {
"chrome_extensions": {
"query": "select u.username, ce.name,ce.identifier,ce.version,ce.description,ce.locale,ce.update_url,ce.author,ce.persistent,ce.path from chrome_extensions ce LEFT JOIN users u ON ce.uid = u.uid;",
"interval": 3600,
"description": "Lists all Chrome extensions - ATT&CK T1176",
"removed": false
},
"Snapshot_chrome_extensions": {
"query": "select u.username, ce.name,ce.identifier,ce.version,ce.description,ce.locale,ce.update_url,ce.author,ce.persistent,ce.path from chrome_extensions ce LEFT JOIN users u ON ce.uid = u.uid;",
"interval": 28800,
"description": "Snapshot: lists all Chrome extensions - ATT&CK T1176",
"snapshot": true
},
"iexplorer_extensions": {
"query": "select * from ie_extensions;",
"interval": 3600,
"description": "Lists all Internet Explorer extensions - ATT&CK T1176",
"removed": false
},
"Snapshot_iexplorer_extensions": {
"query": " select * from ie_extensions;",
"interval": 28800,
"description": "Snapshot: lists all Internet Explorer extensions - ATT&CK T1176",
"snapshot": true
}
}
}