Osquery Pack - Coldroot Detection


This search looks for ColdRoot events from the osx-attacks osquery pack.


Osquery Pack - Coldroot Detection Help

In order to properly run this search, Splunk needs to ingest data from your osquery deployed agents with the osx-attacks.conf pack enabled. Also the TA-OSquery must be deployed across your indexers and universal forwarders in order to have the osquery data populate the Alerts data model


Open in Search