https://github.com/osquery/osquery logo
Join Slack
Powered by
# general
  • g
    Release - 5.19.0 New release published by zwass ## What's Changed ### Features • Add table 
    deb_package_files
    by @zwass in #8657 • Add 
    system_profiler
    table for macOS by @zwass in #8645 • Add version collate to 
    os_version
    table's 
    version
    column by @Micah-Kolide in #8659 • Add 
    entitlements
    column to macOS 
    signature
    table by @zwass in #8666 • Add support for VSCode forks in 
    vscode_extensions
    by @zwass in #8664 ### Bugfixes • Fix 
    NSInvalidArgumentException
    when querying 
    connected_displays
    by @Synse in #8628 • Fix inconsistent counter resets due to 
    Config::purge()
    by @skurpad7 in #8635 • Update linux 
    block_device
    and 
    disk_encryption
    source data to simple sysfs implementation by @Micah-Kolide in #8182 • Fix ATC for open Firefox databases by @zwass in #8631 ### Other • libs: yara: 4.2.3 -> 4.5.4 by @LeSuisse in #8643 • Upgrading zlib to 1.3.1 by @ksykulev in #8625 • Fix build for XCode SDK 16.4 by @lucasmrod in #8640 • Update build instructions for workaround for XCode SDK > 16.3 by @lucasmrod in #8650 • Add Cursor AI editor configurations by @zwass in #8656 • Further improvement to Cursor rules by @zwass in #8662 • Update Windows build instructions by @zwass in #8661 ## New Contributors • @Synse made their first contribution in #8628@skurpad7 made their first contribution in #8635 Full Changelog: 5.18.0...5.19.0 osquery/osquery
  • z
    Hey folks, osquery 5.19.0 is now available in pre-release for testing: https://github.com/osquery/osquery/releases/tag/5.19.0. Please file an issue if you run into anything!
    🎉 5
    👍 1
    f
    s
    • 3
    • 2
  • a
    QQ, I have a process that spawns osqueryd and I want my process to also be the config extension of osqueryd. If I pass 
    --config_plugin=mycustomconfig
    I’ll get an error saying this plugin is unknown. The example I know to work with config plugin work the opposite way:
    Copy code
    ./osqueryd --extension /path/to/config.ext --config_plugin=mycustomconfig
    but in this case osqueryd needs to spawn the extension binary. Is there any approach in which I can run osqueryd and register myself as config plugin without making it spawn a different process?
    s
    s
    • 3
    • 6
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by directionless 
    <https://github.com/osquery/osquery/commit/fe46618d352ce25c5ac9b2218c4b540047016e3f|fe46618d>
    - Enhance issue description with automation note (#8679) osquery/osquery
  • p
    currently i am doing packet sniffing so that we can develop "osquery_extension" - during packet sniffing i want to store [Date | time |domain | URL | User | source& destination IP & port| TLS_certifying_authority | TLS_protocol, ------- I am trying with scapy library, # anyone suggest which library we should use so that we can capture all these details
    s
    • 2
    • 1
  • s
    Hi folks! I'm pleased to announce 5.19.0 is stable. https://osquery.io/downloads/official/5.19.0
    🎉 3
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass 
    <https://github.com/osquery/osquery/commit/f74a51f649d1bceba43b349008ab3b4cfcf0d0b0|f74a51f6>
    - Change dependency for macOS universal binary in CI workflow (#8667) osquery/osquery
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass 
    <https://github.com/osquery/osquery/commit/a5030826256abb8a4174bcdf6007c4ef5238977d|a5030826>
    - Update CHANGELOG to point to Releases page. (#8681) osquery/osquery
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass 
    <https://github.com/osquery/osquery/commit/b3e3f3b6fefe799f61191c1ebe5f2e44f0fe1390|b3e3f3b6>
    - Update dns_resolvers documentation to point to interface_details on Windows (#8682) osquery/osquery
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass 
    <https://github.com/osquery/osquery/commit/1a4114c729b28a2f23c1c11466ab7e45ec6c9521|1a4114c7>
    - Fix build against libaudit >=4.1.1 by removing set_aumessage_mode call (#8676) osquery/osquery
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass 
    <https://github.com/osquery/osquery/commit/05ddd2b6ba90529614f1bcab199be4594820b16b|05ddd2b6>
    - libs: libarchive: 3.7.9 -> 3.8.1 (#8642) osquery/osquery
  • t
    Hi! 🙂 Would really appreciate a hand on this issue 🙏 Thanks a lot in advance
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass 
    <https://github.com/osquery/osquery/commit/05b741229d91189acb019e3923c3f5075e088a3d|05b74122>
    - Add default path for CA certificate bundle on openSUSE (#8687) osquery/osquery
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by directionless 
    <https://github.com/osquery/osquery/commit/cab5fc757f3d70133061ead5a505ae07768049ab|cab5fc75>
    - Exclude config views from db migration (#8678) osquery/osquery
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by directionless 
    <https://github.com/osquery/osquery/commit/ac3b20691dac898ee63fdc7bb6e2d2eec9f61bc7|ac3b2069>
    - Stop trying to install strawberry perl on the windows CI runners (#8698) osquery/osquery
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by directionless 
    <https://github.com/osquery/osquery/commit/a34034a5bff1d4addb8d32b40dd28ec4097f34d9|a34034a5>
    - Free diskspace on linux CI runners (#8697) osquery/osquery
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass 
    <https://github.com/osquery/osquery/commit/56473dc9fd428e5de2e1eb11078de152bcce544d|56473dc9>
    - Make 
    vscode_extensions
    more consistently report UUID (#8693) osquery/osquery
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass 
    <https://github.com/osquery/osquery/commit/181ac85d48542de41c8bb10e60713ef9c6018b81|181ac85d>
    - Don't overwrite hardware_version if it has a value (#8690) osquery/osquery
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass 
    <https://github.com/osquery/osquery/commit/9fdcd51bb2cbfc81b487cf9bc48f3b3aa2226bbb|9fdcd51b>
    - Support 
    nvm
    on 
    npm_packages
    table (#8694) osquery/osquery
  • z
    Whoops, we accidentally posted promotional content into this channel rather than #C01DXJL16D8. Sorry about that. Now deleted.
    ty 1
  • s
    Hi guys, could you advise me on how to use osquery to retrieve the same configurations that I previously obtained via the 
    sysctl -a
    command?
    f
    • 2
    • 2
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass 
    <https://github.com/osquery/osquery/commit/ad99fb5651afbbd1871f2de60b7873f78935262f|ad99fb56>
    - Add scoped npm package path (#8686) osquery/osquery
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by directionless 
    <https://github.com/osquery/osquery/commit/e8f154ef3143ad31073d918612de394f2e958a77|e8f154ef>
    - Fix SQL examples for system_profiler table (#8699) osquery/osquery
  • s
    Is anyone using the 
    jetbrains_plugins
    table with success? I'm unable to get it to return results on hosts that have jetbrains plugins installed. Trying both via osqueryi locally and w/ distributed queries via Fleet.
    1
    g
    s
    • 3
    • 3
  • c
    Hi, I have a question about how the 
    --events_optimize
    parameter works; it is enabled by default. I currently have 
    --watchdog_level=0
    in my osquery configuration, and 
    --events_optimize
    is set to false. I collect data from the *_events tables and I’m concerned that I might run into issues with losing some logs. According to the documentation, this parameter works as follows:
    Copy code
    Every time the SELECT query runs on a subscriber, the current time is saved. Subsequent SELECTs will use the previously saved time as the lower bound.
    I’m interested in how the current time is saved: is it recorded after the query completes successfully, or before the query completes, at execution time? Just in case a query against a *_events table becomes resource-intensive, the watchdog may kill the osquery process, and if the current time is saved at execution time, I could lose logs, since the next query will no longer see older events.
    👀 1
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by directionless 
    <https://github.com/osquery/osquery/commit/57e120d124688dc866081ee6bf857994536a881c|57e120d1>
    - Project Documentation/README updates (#8696) osquery/osquery
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass 
    <https://github.com/osquery/osquery/commit/f4fd92fbc2648eb914859dff57f38b1fe1ff99d8|f4fd92fb>
    - Add more informative descriptions for 
    mounts.blocks_free
    and 
    mounts.blocks_available
    (#8701) osquery/osquery
  • g
    Release - 5.20.0 New release published by zwass ## What's Changed • Enhance issue description with automation note by @directionless in #8679 • Change dependency for macOS universal binary in CI workflow by @zwass in #8667 • Update CHANGELOG to point to Releases page. by @frankgraziano in #8681 • Update dns_resolvers documentation to point to interface_details on Windows by @zwass in #8682 • Fix build against libaudit >=4.1.1 by removing set_aumessage_mode call by @Blarse in #8676 • libs: libarchive: 3.7.9 -> 3.8.1 by @LeSuisse in #8642 • Add default path for CA certificate bundle on openSUSE by @iko1 in #8687 • Exclude config views from db migration by @Micah-Kolide in #8678 • Stop trying to install strawberry perl on the windows CI runners by @directionless in #8698 • Free diskspace on linux CI runners by @directionless in #8697 • Make 
    vscode_extensions
    more consistently report UUID by @zwass in #8693 • Don't overwrite hardware_version if it has a value by @sbrito85 in #8690 • Support 
    nvm
    on 
    npm_packages
    table by @dantecatalfamo in #8694 • Add scoped npm package path by @lichao127 in #8686 • Fix SQL examples for system_profiler table by @zwass in #8699 • Project Documentation/README updates by @directionless in #8696 • Add more informative descriptions for 
    mounts.blocks_free
    and 
    mounts.blocks_available
    by @jacobshandling in #8701 ## New Contributors • @frankgraziano made their first contribution in #8681@Blarse made their first contribution in #8676@jacobshandling made their first contribution in #8701 Full Changelog: 5.19.0...5.20.0 osquery/osquery
  • z
    Hey folks, Seph and I got the 5.20.0 pre-release out last week. Please test if you are able.
    🎉 1
    s
    • 2
    • 5
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass 
    <https://github.com/osquery/osquery/commit/6f6fe28f37765fdcd57a0e85c06e5959d4fe5718|6f6fe28f>
    - Improvements to password_policy table (#8705) osquery/osquery