Osquery Pack - Coldroot Detection

Description

This search looks for events generated by the ColdRoot queries in the osx-attacks osquery pack, which look for indicators of the ColdRoot macOS remote access trojan on monitored hosts.

Content Mapping

This content is not mapped to any local saved search.


Use Case

Security Monitoring

Category

Malware

SPL Difficulty

None

Journey

Stage 3

Kill Chain Phases

Installation
Command and Control

   Help

Osquery Pack - Coldroot Detection Help

In order to run this search properly, Splunk needs to ingest data from your deployed osquery agents with the osx-attacks.conf pack enabled. The TA-OSquery add-on must also be deployed across your indexers and universal forwarders so that the osquery results populate the Alerts data model.
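To make the ingestion requirement concrete, the following is an added example (not the page's own search and not part of TA-OSquery) of the filtering the detection performs, run in Python over constructed osquery result-log lines rather than in SPL. It relies on two facts about osquery: pack results are logged under the name "pack_<pack name>_<query name>", and results arrive either one row per line with an "action" field or batched under "diffResults". The query name "OSX_ColdRoot_RAT" and the launchd columns in the sample are assumptions about what the osx-attacks pack emits; the match below only depends on the "pack_osx-attacks_" prefix and the substring "coldroot".

```python
import json
from typing import Dict, Iterator, List, Tuple

# Pack results are named "pack_<pack name>_<query name>" by osquery.
PACK_PREFIX = "pack_osx-attacks_"

# Constructed sample osqueryd.results.log content, not real telemetry. The query
# name "OSX_ColdRoot_RAT" and the launchd columns are assumptions about the pack.
# Line 2 is a "removed" row, line 3 is a different query from the same pack,
# line 4 uses the batched "diffResults" format and line 5 is corrupt.
SAMPLE_LOG = r'''
{"name":"pack_osx-attacks_OSX_ColdRoot_RAT","hostIdentifier":"mac-01.example","calendarTime":"Wed Feb 21 10:15:00 2018 UTC","unixTime":1519208100,"action":"added","columns":{"name":"com.apple.audio.driver.plist","path":"/Library/LaunchDaemons/com.apple.audio.driver.plist","program":"/private/var/tmp/runner.app/Contents/MacOS/runner"}}
{"name":"pack_osx-attacks_OSX_ColdRoot_RAT","hostIdentifier":"mac-02.example","calendarTime":"Wed Feb 21 10:16:00 2018 UTC","unixTime":1519208160,"action":"removed","columns":{"name":"com.apple.audio.driver.plist","path":"/Library/LaunchDaemons/com.apple.audio.driver.plist","program":"/private/var/tmp/runner.app/Contents/MacOS/runner"}}
{"name":"pack_osx-attacks_Keyboard_Event_Taps","hostIdentifier":"mac-01.example","calendarTime":"Wed Feb 21 10:17:00 2018 UTC","unixTime":1519208220,"action":"added","columns":{"name":"Terminal","pid":"4242"}}
{"name":"pack_osx-attacks_OSX_ColdRoot_RAT","hostIdentifier":"mac-03.example","calendarTime":"Wed Feb 21 10:18:00 2018 UTC","unixTime":1519208280,"diffResults":{"added":[{"name":"com.apple.audio.driver.plist","path":"/Library/LaunchAgents/com.apple.audio.driver.plist","program":"/private/var/tmp/runner.app/Contents/MacOS/runner"}],"removed":[]}}
not json at all
'''


def iter_added_rows(lines: List[str]) -> Iterator[Tuple[Dict, Dict]]:
    """Yield (event, row) for every row that was newly added.

    Handles both the event-per-line format (one "columns" object plus an
    "action") and the batched format ("diffResults" with "added"/"removed"
    lists). "removed" rows are skipped: they mean the indicator disappeared,
    not that it appeared. Unparsable lines are skipped rather than aborting
    the whole batch.
    """
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if "columns" in event:
            if event.get("action") == "added":
                yield event, event["columns"]
        elif "diffResults" in event:
            for row in event["diffResults"].get("added", []):
                yield event, row


def is_coldroot_result(event: Dict) -> bool:
    """True when the result comes from the osx-attacks pack's ColdRoot query."""
    name = event.get("name", "")
    return name.startswith(PACK_PREFIX) and "coldroot" in name.lower()


def coldroot_alerts(log_text: str) -> List[Dict]:
    """Reduce a result log to the fields an analyst needs per ColdRoot hit."""
    alerts = []
    for event, row in iter_added_rows(log_text.splitlines()):
        if not is_coldroot_result(event):
            continue
        alerts.append({
            "host": event.get("hostIdentifier"),
            "time": event.get("unixTime"),
            "query": event["name"],
            "launchd_item": row.get("name"),
            "path": row.get("path"),
            "program": row.get("program"),
        })
    return alerts


if __name__ == "__main__":
    for alert in coldroot_alerts(SAMPLE_LOG):
        print(json.dumps(alert))
```

Running the block prints two alerts (mac-01 and mac-03); the "removed" row on mac-02 and the keyboard-tap result are dropped, and the corrupt line is ignored. The same two decisions, keying on the pack prefix in the query name and on added rows only, are what a Splunk search over the TA-OSquery data needs to make.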
