MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #240 from 0xmilkmix/support_osquery_win_named_obj 

super simple support for mutexes through winbaseobj in osquery 3.3
pull/247/head
Alexandre Dulaunoy 2018-10-26 08:09:50 +02:00 committed by GitHub
parent c046d04712 7ae9b767fc
commit 78cf1f79d2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
misp_modules/modules/export_mod/osqueryexport.py
View File

@ -42,7 +42,7 @@ def handle_regkeyvalue(value):
return 'SELECT * FROM registry WHERE path LIKE \'%s\' AND data LIKE \'%s\';' % (key, value)
def handle_mutex(value):
return 'not implemented yet'
return 'SELECT * FROM winbaseobj WHERE object_name LIKE \'%s\';' % value
def handle_service(value):
return 'SELECT * FROM services WHERE display_name LIKE \'%s\' OR name like \'%s\';' % (value, value)