artif: new artifact

Signed-off-by: Thiago Canozzo Lahr <[email protected]>

CHANGELOG.md

@@ -10,13 +10,16 @@
 ### Artifacts
 
 - files/applications/anydesk.yaml: Added the collection of AnyDesk configuration, chat transcript, screenshot, session recording and trace files [freebsd, linux, macos].
-- files/applications/box_drive.yaml: Added the collection of Box Drive configuration and sqlite database files [macos].
+- files/applications/box_drive.yaml: Added the collection of Box Drive client configuration and sqlite database files [macos].
+- files/applications/qnap_qsync.yaml: Added the collection of QNAP Qsync client configuration and log files [linux, macos].
 - files/applications/spotlight_shortcuts.yaml: Added the collection of searches that a user performed in the Spotlight application [macos].
+- files/applications/synology_drive.yaml: Added the collection of Synology Drive client configuration, database and log files [linux, macos].
 - files/system/coreanalytics.yaml: Added the collection of information about the system usage and application execution history [macos].
 - files/system/powerlog.yaml: Added the collection of Powerlog archive files [macos].
 - live_response/network/lsof.yaml: Added the listing of UNIX domain socket files.
+- live_response/packages/synopkg.yaml: Added the collection of installed packages on Synology DSM systems [linux].
 - live_response/process/deleted.yaml: Added the collection of process memory sections and strings (for processes shown up as being deleted) from '/proc/[pid]/mem' [linux].
 - live_response/system/lastlog.yaml: Added the collection of the last login log '/var/log/lastlog' file [linux].
 - live_response/system/timedatectl.yaml: Added the collection of current settings of the system clock and RTC, including whether network time synchronization is active or not [linux].
 - memory_dump/process_memory_sections_strings.yaml: Added the collection of process memory sections and strings from '/proc/[pid]/mem' [linux].
-- memory_dump/process_memory_strings.yaml: Added the collection of process memory strings only from '/proc/[pid]/mem' [linux].
+- memory_dump/process_memory_strings.yaml: Added the collection of process memory strings only from '/proc/[pid]/mem' [linux].

artifacts/files/applications/qnap_qsync.yaml

@@ -0,0 +1,15 @@
+version: 1.0
+artifacts:
+ -
+ description: Collect QNAP Qsync application configuration and log files.
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/.local/share/QNAP/Qsync
+ exclude_nologin_users: true
+ -
+ description: Collect QNAP Qsync application configuration and log files.
+ supported_os: [macos]
+ collector: file
+ path: /%user_home%/.Qsync
+ exclude_nologin_users: true
+

artifacts/files/applications/synology_drive.yaml

@@ -0,0 +1,27 @@
+version: 1.0
+artifacts:
+ -
+ description: Collect Synology Drive application database and data files.
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/.SynologyDrive/data
+ exclude_nologin_users: true
+ -
+ description: Collect Synology Drive application log files.
+ supported_os: [linux]
+ collector: file
+ path: /%user_home%/.SynologyDrive/log
+ exclude_nologin_users: true
+ -
+ description: Collect Synology Drive application database and data files.
+ supported_os: [macos]
+ collector: file
+ path: /%user_home%/Library/"Application Support"/SynologyDrive/data
+ exclude_nologin_users: true
+ -
+ description: Collect Synology Drive application log files.
+ supported_os: [macos]
+ collector: file
+ path: /%user_home%/Library/"Application Support"/SynologyDrive/log
+ exclude_nologin_users: true
+

artifacts/live_response/packages/synopkg.yaml

@@ -0,0 +1,10 @@
+version: 1.0
+artifacts:
+ -
+ description: Displays information about installed packages on Synology DSM system.
+ supported_os: [linux]
+ collector: command
+ command: synopkg list
+ output_file: synopkg_list.txt
+
+