@zwass zwass commented Oct 8, 2024

This allows osquery users to host their yara rules behind an authenticated endpoint.

Allow authentication for yara sigurl requests by enabling this flag. When enabled, osquery will send a POST request with a body containing the node key as in other osquery TLS requests. Server response is expected to be the same as unauthenticated requests: a plaintext yara signature file.
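
Added example, not part of the pull request or osquery's own code: a minimal server-side handler for the authenticated sigurl request described above. It assumes the POST body is JSON of the form `{"node_key": "..."}`, as on osquery's other TLS endpoints, and that failures get a 401; the function names, node key and rule are constructed for illustration.

```python
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample data: one enrolled node key and a plaintext YARA rule file.
ENROLLED_NODE_KEYS = {"constructed-node-key-0001"}
YARA_RULES = b'rule constructed_example { strings: $a = "example-marker" condition: $a }\n'
MAX_BODY = 4096  # refuse oversized bodies before parsing them

def node_key_is_enrolled(candidate):
    """Check the presented key against every enrolled key without early exit."""
    if not isinstance(candidate, str):
        return False
    probe = candidate.encode("utf-8", "replace")
    return any([hmac.compare_digest(probe, k.encode()) for k in ENROLLED_NODE_KEYS])

def handle_sigurl_request(method, raw_body):
    """Return (status, content_type, body) for one signature file request."""
    if method != "POST":  # the authenticated mode sends POST, so refuse anything else
        return 405, "text/plain", b"method not allowed\n"
    if len(raw_body) > MAX_BODY:
        return 413, "text/plain", b"body too large\n"
    try:
        payload = json.loads(raw_body)
    except ValueError:  # also covers bodies that are not valid UTF-8
        return 400, "text/plain", b"invalid JSON\n"
    key = payload.get("node_key") if isinstance(payload, dict) else None
    if not node_key_is_enrolled(key):
        return 401, "text/plain", b"unauthorized\n"  # assumed failure response
    return 200, "text/plain", YARA_RULES  # same plaintext body as the unauthenticated case

class SigurlHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", "0"))
        except ValueError:
            length = 0
        body = self.rfile.read(max(0, min(length, MAX_BODY + 1)))
        status, ctype, out = handle_sigurl_request(self.command, body)
        self.send_response(status)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(out)))
        self.end_headers()
        self.wfile.write(out)
    do_GET = do_POST  # GET reaches the same check and is answered with 405

if __name__ == "__main__":
    # Plain HTTP on localhost for demonstration only; serve it behind TLS in practice.
    HTTPServer(("127.0.0.1", 8080), SigurlHandler).serve_forever()
```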

zwass added 2 commits October 8, 2024 12:02
@zwass zwass added the remote label Oct 8, 2024
@zwass zwass requested review from a team as code owners October 8, 2024 19:11
@zwass zwass changed the title from "Yara sigurl authenticate" to "Add --yara_sigurl_authenticate flag" Oct 8, 2024
@directionless directionless left a comment

Functionality looks good.

If I wanted this, I can't decide if I'd want another flag (as implemented), or if I'd want a different option to the yara config. (Like auth_signature_urls or something)

@directionless directionless modified the milestones: 5.15, 5.14 Oct 9, 2024
zwass commented Oct 10, 2024

Thanks for the review! I could see adding a config section in the future if we find that users need to do both authenticated and unauthenticated options.

@zwass zwass merged commit b2230ac into osquery:master Oct 10, 2024
@zwass zwass deleted the yara-sigurl-authenticate branch October 10, 2024 00:14