While originally focused on Linux and macOS, we support the addition of queries on any platform supported by osquery. In particular, we've been asked about Windows support: Chainguard doesn't have any Windows machines, but if you have Windows queries that you think would be useful and match our philosophy, we're more than willing to accept them!

CPU Overhead

In aggregate, queries should not consume more than 2% of the wall clock time across a day on a deployed system.

False Positives

We endeavor to exclude real-world false positives from our detection queries. Users may submit false positive exceptions for popular well-known software packages, but may be asked to provide evidence for the behavior. Managing false positives is easier said than done - pull requests are welcome!

Help Wanted!

We support any new queries so long as they can be easily updated to address false positives.