Osquery Pack - Coldroot Detection

Description

This search looks for ColdRoot events from the osx-attacks osquery pack.

Help

Osquery Pack - Coldroot Detection Help

In order to properly run this search, Splunk needs to ingest data from your deployed osquery agents with the osx-attacks.conf pack enabled. The TA-OSquery add-on must also be deployed across your indexers and universal forwarders so that the osquery data populates the Alerts data model.
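To see what the pack output looks like before it reaches the Alerts data model, here is an added example (not part of the Splunk content or of the osquery project) that reduces raw osquery result lines to ColdRoot alert records. It assumes osquery's standard `pack_<pack>_<query>` naming and its differential (`action`/`columns`) and `snapshot` result formats; the specific ColdRoot query names and the sample log lines are constructed for the example.

```python
import json

# osquery logs each scheduled pack query as "pack_<pack>_<query>". The ColdRoot
# query names used in the sample below are assumed for this example, not copied
# from the osx-attacks pack.
PACK_PREFIX = "pack_osx-attacks_"

# Constructed sample of osquery result lines: a differential "added" hit, an
# unrelated pack query, a "removed" event, a snapshot result, and a corrupt line.
SAMPLE_LOG = """
{"name":"pack_osx-attacks_OSX_ColdRoot_RAT_Launchd","hostIdentifier":"mac-lab-01","unixTime":1577836800,"action":"added","columns":{"path":"/Library/LaunchDaemons/com.example.sample.plist"}}
{"name":"pack_osx-attacks_OSX_Other_Backdoor","hostIdentifier":"mac-lab-01","unixTime":1577836801,"action":"added","columns":{"path":"/Library/LaunchDaemons/com.example.other.plist"}}
{"name":"pack_osx-attacks_OSX_ColdRoot_RAT_Launchd","hostIdentifier":"mac-lab-02","unixTime":1577836802,"action":"removed","columns":{"path":"/Library/LaunchDaemons/com.example.sample.plist"}}
{"name":"pack_osx-attacks_OSX_ColdRoot_RAT_Files","hostIdentifier":"mac-lab-03","unixTime":1577836803,"snapshot":[{"path":"/private/var/tmp/sample-a"},{"path":"/private/var/tmp/sample-b"}]}
this line is not JSON and must be skipped
"""


def parse_osquery_results(lines):
    """Yield osquery result events, skipping blank lines and lines that are not JSON objects."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(event, dict) and "name" in event:
            yield event


def rows_from_event(event):
    """Return (action, row) pairs for both differential and snapshot result formats."""
    if "snapshot" in event:
        return [("snapshot", row) for row in event["snapshot"]]
    return [(event.get("action", ""), event.get("columns", {}))]


def coldroot_alerts(lines, pack_prefix=PACK_PREFIX):
    """Reduce raw osquery results to alert records for ColdRoot queries of the osx-attacks pack."""
    alerts = []
    for event in parse_osquery_results(lines):
        name = event["name"]
        if not name.startswith(pack_prefix) or "coldroot" not in name.lower():
            continue
        for action, row in rows_from_event(event):
            if action not in ("added", "snapshot"):  # ignore "removed" diffs
                continue
            alerts.append({"host": event.get("hostIdentifier", "unknown"),
                           "query": name[len(pack_prefix):],
                           "time": event.get("unixTime"),
                           "row": row})
    return alerts


if __name__ == "__main__":
    for alert in coldroot_alerts(SAMPLE_LOG.splitlines()):
        print(alert)
```

Differential results only fire on new rows, so a "removed" event records that a finding went away and is deliberately not alerted on here.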

Search
