{ "queries": { "launchd": { "query" : "select * from launchd;", "interval" : "3600", "platform" : "darwin", "version" : "1.4.5", "description" : "Retrieves all the daemons that will run at startup of the target OSX system.", "value" : "Identify malware that uses this persistence mechanism to launch at system boot." }, "disk_encryption": { "query" : "select * from disk_encryption;", "interval" : "86400", "platform": "posix", "version" : "1.4.5", "description" : "Retrieves the current disk encryption status for the target system.", "value" : "Identifies a system potentially vulnerable to disk cloning." }, "iptables": { "query" : "select * from iptables;", "interval" : "3600", "platform" : "linux", "version" : "1.4.5", "description" : "Retrieves the current filters and chains per filter in the target system.", "value" : "Verify that firewall settings are as restrictive as you need. Identify unwanted firewall holes made by malware or humans." }, "app_schemes": { "query" : "select * from app_schemes;", "interval" : "86400", "platform" : "darwin", "version" : "1.4.7", "description" : "Retrieves the list of application scheme/protocol-based IPC handlers.", "value" : "After-the-fact (a posteriori) hijack detection; detect potential sensitive information leakage." }, "sandboxes": { "query" : "select * from sandboxes;", "interval" : "86400", "platform" : "darwin", "version" : "1.4.7", "description" : "Lists the application bundle that owns a sandbox label.", "value" : "After-the-fact (a posteriori) hijack detection; detect potential sensitive information leakage." } } }