Importing Chainguard Queries - splunkasaurus97/fleetasaurus GitHub Wiki
OSQUERY DEFENSE KIT - CHAINGUARD https://github.com/chainguard-dev/osquery-defense-kit
OSQUERY DEFENSE KIT - BEN (import into FleetDM) https://benheater.com/threat-hunting-fleetdm-osquery https://github.com/0xBEN/osquery-defense-kit
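```sh
fleetctl config set --address https://fleetip:8080
# --tls-skip-verify turns off certificate validation for fleetctl's connection
# to the Fleet server. With a certificate issued by a private CA,
# `fleetctl config set --rootca <path>` keeps verification on instead.
fleetctl config set --tls-skip-verify true
fleetctl login
```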
```sh
cd /opt/fleet
# Fetch via /raw/ rather than /blob/: the /blob/ URL returns GitHub's HTML
# page for the file, which fleetctl cannot parse as YAML.
wget https://github.com/splunkasaurus97/fleetasaurus/raw/main/chainguard-IR-queries.yml
wget https://github.com/splunkasaurus97/fleetasaurus/raw/main/chainguard-detection-queries.yml
fleetctl apply -f /opt/fleet/chainguard-IR-queries.yml
fleetctl apply -f /opt/fleet/chainguard-detection-queries.yml
```
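Imported queries run on every enrolled host, so it is worth confirming that each download really is a query spec and reviewing the query names before `fleetctl apply`. The check below is an added example, not part of this wiki or the fleetasaurus repository; the function name `list_fleet_queries` is hypothetical, and it assumes Fleet's usual query spec layout (`---`-separated documents with `kind: query` and a two-space-indented `name:` and `query:` under `spec:`).

```shell
#!/bin/sh
# Pre-apply check for a Fleet query spec file (added example).
# Assumed layout: documents separated by '---', each with 'kind: query'
# and a 'spec:' block holding two-space-indented 'name:' and 'query:'.
# Usage: list_fleet_queries /opt/fleet/chainguard-IR-queries.yml

# Prints one query name per line; returns non-zero if the file is unusable.
list_fleet_queries() {
    file=$1
    [ -s "$file" ] || { echo "empty or missing: $file" >&2; return 1; }
    # A github.com/.../blob/... download is an HTML page, not the YAML.
    if head -c 512 "$file" | grep -qiE '<!doctype html|<html'; then
        echo "HTML, not YAML: $file" >&2
        return 1
    fi
    awk '
        # Close the current document: print its name or flag it as incomplete.
        function emit() {
            if (kind == "query") {
                n++
                if (name == "" || !hasq) {
                    bad = 1
                    print "document " doc ": missing name or query" > "/dev/stderr"
                } else {
                    print name
                }
            }
            kind = ""; name = ""; hasq = 0
        }
        BEGIN { doc = 1; bad = 0; n = 0 }
        { sub(/[ \t\r]+$/, "") }                  # drop trailing blanks and CR
        /^---$/          { emit(); doc++; next }  # document separator
        /^kind:[ \t]*/   { sub(/^kind:[ \t]*/, ""); kind = $0 }
        /^  name:[ \t]*/ { sub(/^  name:[ \t]*/, ""); name = $0 }
        /^  query:/      { hasq = 1 }
        END {
            emit()
            if (n == 0) { print "no query documents found" > "/dev/stderr"; bad = 1 }
            exit bad
        }
    ' "$file"
}
```

A non-zero return means the file should not be passed to `fleetctl apply`; a zero return with an unexpected list of names is a cue to read the file before importing it.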