Add XProtect definitions for macOS
mgreen27 committed Feb 9, 2024
1 parent cd440b2 commit cb64985
Showing 2 changed files with 9 additions and 1 deletion.
4 changes: 4 additions & 0 deletions definitions/MacOS_XProtect_Detections.yaml
Expand Up @@ -27,6 +27,10 @@ Sources:
- VQL: |
SELECT *
FROM Rows
WHERE dt > DateAfter
AND dt < DateBefore
AND (violated_rule, exec_path, responsible_path, responsible_signing_id,
exec_cdhash, exec_sha256, responsible_cdhash, responsible_sha256 ) =~ FilterRegex
SQL: |
SELECT * FROM events
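
Review bot: The `dt` bounds in the WHERE clause use strict `>` and `<` against DateAfter and DateBefore, so an event stamped exactly on either bound is dropped, and nothing in this hunk shows where DateAfter, DateBefore and FilterRegex are declared or what they default to. Please confirm the definition declares all three with match-everything defaults, since otherwise this clause can filter out every row on a default run. It would also help to document that FilterRegex is tested against eight columns at once, including the cdhash and sha256 fields, so a short unanchored pattern can match inside a hash value. Style: drop the stray space before the closing parenthesis in `responsible_sha256 )`.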