Osquery Pack - Coldroot Detection
This search looks for ColdRoot events from the osx-attacks osquery pack.
Osquery Pack - Coldroot Detection Help
To run this search properly, Splunk needs to ingest results from your deployed osquery agents with the osx-attacks.conf pack enabled. The TA-OSquery add-on must also be deployed across your indexers and universal forwarders so that the osquery results are parsed and populate the Alerts data model this search reads from.
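The search itself runs in Splunk against the Alerts data model, but the filtering it performs is simple enough to reproduce directly on osquery's result log. The Python below is an added example, not this page's search or Splunk's code: it reads osquery "event"-format result lines (one JSON object per line), keeps only rows emitted by the osx-attacks pack whose query name contains "coldroot", drops "removed" rows (a launchd entry disappearing is not a new infection) and tallies hits per host. The query name pack_osx-attacks_OSX_ColdRoot_RAT, the launchd column names and the log lines themselves are constructed assumptions for the example; check the exact query name in your copy of osx-attacks.conf.

```python
import json
import re
from collections import Counter

# Constructed osquery result-log lines in the per-event log format
# (one JSON object per line, as written by the filesystem logger).
# Query names follow osquery's pack convention pack_<pack>_<query>; the
# ColdRoot query name and the launchd columns are assumptions for this
# example, not copied from osx-attacks.conf.
SAMPLE_RESULTS = "\n".join([
    '{"name":"pack_osx-attacks_OSX_ColdRoot_RAT","hostIdentifier":"mac-01","unixTime":1700000000,'
    '"action":"added","columns":{"path":"/Library/LaunchDaemons/com.apple.audio.driver.plist",'
    '"label":"com.apple.audio.driver"}}',
    # the same entry later reported as removed: not a new detection
    '{"name":"pack_osx-attacks_OSX_ColdRoot_RAT","hostIdentifier":"mac-01","unixTime":1700000060,'
    '"action":"removed","columns":{"path":"/Library/LaunchDaemons/com.apple.audio.driver.plist",'
    '"label":"com.apple.audio.driver"}}',
    '{"name":"pack_osx-attacks_OSX_ColdRoot_RAT","hostIdentifier":"mac-02","unixTime":1700000120,'
    '"action":"added","columns":{"path":"/Library/LaunchDaemons/com.apple.audio.driver.plist",'
    '"label":"com.apple.audio.driver"}}',
    # another query from the same pack: must not be counted as ColdRoot
    '{"name":"pack_osx-attacks_Other_Query","hostIdentifier":"mac-02","unixTime":1700000130,'
    '"action":"added","columns":{"pid":"4242"}}',
    # a query from a different pack
    '{"name":"pack_osquery-monitoring_osquery_info","hostIdentifier":"mac-03","unixTime":1700000140,'
    '"action":"added","columns":{"version":"5.10.2"}}',
    # a corrupt line, which a robust parser should skip rather than crash on
    'not json at all',
])

# Match only queries from the osx-attacks pack whose name mentions ColdRoot.
COLDROOT_NAME = re.compile(r"^pack_osx-attacks_.*coldroot", re.IGNORECASE)


def parse_results(text):
    """Yield parsed result events, silently skipping lines that are not JSON objects."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(event, dict):
            yield event


def coldroot_events(text):
    """Return ColdRoot 'added' rows from the osx-attacks pack as Alerts-style records.

    Field names mirror the Splunk convention (dest for the host, _time for the
    event time, signature for the rule name) so the output reads like a search result.
    """
    alerts = []
    for ev in parse_results(text):
        name = ev.get("name", "")
        if not COLDROOT_NAME.match(name):
            continue
        # osquery emits one row per state change; only "added" means something new appeared.
        if ev.get("action") != "added":
            continue
        cols = ev.get("columns", {})
        alerts.append({
            "dest": ev.get("hostIdentifier"),
            "_time": ev.get("unixTime"),
            "signature": name,
            "path": cols.get("path"),
        })
    return alerts


def count_by_host(alerts):
    """Equivalent of 'stats count by dest': number of ColdRoot hits per host."""
    return dict(Counter(a["dest"] for a in alerts))


if __name__ == "__main__":
    hits = coldroot_events(SAMPLE_RESULTS)
    for hit in hits:
        print(hit)
    print(count_by_host(hits))
```

In production this sits behind Splunk rather than a script, but the same three decisions apply there: filter on the pack-qualified query name rather than a loose substring, keep only "added" rows, and aggregate per host so one noisy endpoint does not produce a flood of identical alerts.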