https://github.com/osquery/osquery logo
Join Slack
Powered by
# general
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass 
    <https://github.com/osquery/osquery/commit/daff69d02018d343341499c8cd0b02f2683ca5ed|daff69d0>
    - Fix build for XCode SDK 16.4 (#8640) osquery/osquery
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass 
    <https://github.com/osquery/osquery/commit/df1f69e4531f59b53a13b9fb24de21d82c02cd8c|df1f69e4>
    - Update build instructions for workaround for XCode SDK > 16.3 (#8650) osquery/osquery
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass 
    <https://github.com/osquery/osquery/commit/ad587737720d0bcfc9a182ae7dcca626a65c5771|ad587737>
    - Fix 
    NSInvalidArgumentException
    when querying 
    connected_displays
    (#8628) osquery/osquery
  • p
    Hello everyone, I am new here . i need guidance to develop osquery extension of our EDR tool so that we can plugin with it, but confused from where we should start ?
    a
    r
    • 3
    • 5
  • i
    🚨 Going live in 1 hour! 🚨 We are hosting Fleet Device Management Live office hours, a livestream where we answer technical questions about Fleet and work on real code live. 🕕 Starts at 9:00 AM PDT / 12:00 PM EDT / 4:00 PM GMT 🔗 Join here: https://lnkd.in/ggsDZXW4 Whether you're deploying Fleet, hacking on osquery, or just curious how open source device management works, bring your questions. If it's quiet, I'll be working on bugs and building new features in public. No slides. No polish. Just engineering, live.
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass 
    <https://github.com/osquery/osquery/commit/9c38cfcb788dd74389989682703684465d593262|9c38cfcb>
    - Update yara library from 4.2.3 -> 4.5.4 (#8643) osquery/osquery
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by directionless 
    <https://github.com/osquery/osquery/commit/ca9150537d84f04c6ebf2af49e601e7c69f5c441|ca915053>
    - Add version collate to os_version table's version column (#8659) osquery/osquery
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass 
    <https://github.com/osquery/osquery/commit/48877a205b91d391204b4ebc1904be22c5a2ad1e|48877a20>
    - Add Cursor AI editor configurations (#8656) osquery/osquery
  • n
    Hello everyone, I am new here and I have a question related to extensions; I am running this query to get the extensions but I am getting state as empty irrespective of extension is enabled/disabled. Does anyone also faced the same issue?
    Copy code
    SELECT name, state, version FROM users CROSS JOIN chrome_extensions USING (uid) where name = 'my extension name';
    a
    • 2
    • 2
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass 
    <https://github.com/osquery/osquery/commit/f361b5fd739340f3b871632ec3681debef7905e0|f361b5fd>
    - Further improvement to Cursor rules (#8662) osquery/osquery
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass 
    <https://github.com/osquery/osquery/commit/4bd8782dbd678fe12be16d5e8ca7f0e275d6923b|4bd8782d>
    - Update Windows build instructions (#8661) osquery/osquery
  • k
    Hi, Is it possible to get the evented tables' events live using the extension socket?
    r
    • 2
    • 1
  • k
    if not, how can I get them?
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass 
    <https://github.com/osquery/osquery/commit/6e0d1dbafd58cbd417ceb04306df7ca08f1242ee|6e0d1dba>
    - Add 
    entitlements
    column to macOS 
    signature
    table (#8666) osquery/osquery
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass 
    <https://github.com/osquery/osquery/commit/bc67e7d9ab5a59323f7ebf55a5e549ad846141fb|bc67e7d9>
    - Add 
    system_profiler
    table for macOS (#8645) osquery/osquery
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass 
    <https://github.com/osquery/osquery/commit/3f41dfb723c7db8d5ce5b6c72e3a932d646825d6|3f41dfb7>
    - Add support for VSCode forks in 
    vscode_extensions
    (#8664) osquery/osquery
    👌 2
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass 
    <https://github.com/osquery/osquery/commit/95b48d60e514d64f5e3962b240906938b8d3d14a|95b48d60>
    - Fix inconsistent counter resets due to 
    Config::purge()
    (#8635) osquery/osquery
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass 
    <https://github.com/osquery/osquery/commit/09d02a6ee8579d3d5bf2c87c9d749b77ab182329|09d02a6e>
    - Add table 
    deb_package_files
    (#8657) osquery/osquery
  • g
    Release - 5.19.0 New release published by zwass ## What's Changed ### Features • Add table 
    deb_package_files
    by @zwass in #8657 • Add 
    system_profiler
    table for macOS by @zwass in #8645 • Add version collate to 
    os_version
    table's 
    version
    column by @Micah-Kolide in #8659 • Add 
    entitlements
    column to macOS 
    signature
    table by @zwass in #8666 • Add support for VSCode forks in 
    vscode_extensions
    by @zwass in #8664 ### Bugfixes • Fix 
    NSInvalidArgumentException
    when querying 
    connected_displays
    by @Synse in #8628 • Fix inconsistent counter resets due to 
    Config::purge()
    by @skurpad7 in #8635 • Update linux 
    block_device
    and 
    disk_encryption
    source data to simple sysfs implementation by @Micah-Kolide in #8182 • Fix ATC for open Firefox databases by @zwass in #8631 ### Other • libs: yara: 4.2.3 -> 4.5.4 by @LeSuisse in #8643 • Upgrading zlib to 1.3.1 by @ksykulev in #8625 • Fix build for XCode SDK 16.4 by @lucasmrod in #8640 • Update build instructions for workaround for XCode SDK > 16.3 by @lucasmrod in #8650 • Add Cursor AI editor configurations by @zwass in #8656 • Further improvement to Cursor rules by @zwass in #8662 • Update Windows build instructions by @zwass in #8661 ## New Contributors • @Synse made their first contribution in #8628@skurpad7 made their first contribution in #8635 Full Changelog: 5.18.0...5.19.0 osquery/osquery
  • z
    Hey folks, osquery 5.19.0 is now available in pre-release for testing: https://github.com/osquery/osquery/releases/tag/5.19.0. Please file an issue if you run into anything!
    🎉 5
    👍 1
    f
    s
    • 3
    • 2
  • a
    QQ, I have a process that spawns osqueryd and I want my process to also be the config extension of osqueryd. If I pass 
    --config_plugin=mycustomconfig
    I’ll get an error saying this plugin is unknown. The example I know to work with config plugin work the opposite way:
    Copy code
    ./osqueryd --extension /path/to/config.ext --config_plugin=mycustomconfig
    but in this case osqueryd needs to spawn the extension binary. Is there any approach in which I can run osqueryd and register myself as config plugin without making it spawn a different process?
    s
    s
    • 3
    • 6
  • i
    🚨 Going live in 2 hours! 🚨 We are hosting Fleet Device Management Live office hours, a livestream where we answer technical questions about Fleet and work on real code live. 🕕 Starts at 9:00 AM PDT / 12:00 PM EDT / 4:00 PM GMT 🔗 Join here:

    https://www.youtube.com/watch?v=Qr6JT5414zI

  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by directionless 
    <https://github.com/osquery/osquery/commit/fe46618d352ce25c5ac9b2218c4b540047016e3f|fe46618d>
    - Enhance issue description with automation note (#8679) osquery/osquery
  • p
    currently i am doing packet sniffing so that we can develop "osquery_extension" - during packet sniffing i want to store [Date | time |domain | URL | User | source& destination IP & port| TLS_certifying_authority | TLS_protocol, ------- I am trying with scapy library, # anyone suggest which library we should use so that we can capture all these details
    s
    • 2
    • 1
  • s
    Hi folks! I'm pleased to announce 5.19.0 is stable. https://osquery.io/downloads/official/5.19.0
    🎉 3
  • i
    🚨 Going live in 2 hours! 🚨 We are hosting Fleet Device Management Live office hours, a livestream where we answer technical questions about Fleet and work on real code live. 🕕 Starts at 9:00 AM PDT / 12:00 PM EDT / 4:00 PM GMT 🔗 Join here: https://www.youtube.com/live/BDTb5DQ4o74
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass 
    <https://github.com/osquery/osquery/commit/f74a51f649d1bceba43b349008ab3b4cfcf0d0b0|f74a51f6>
    - Change dependency for macOS universal binary in CI workflow (#8667) osquery/osquery
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass 
    <https://github.com/osquery/osquery/commit/a5030826256abb8a4174bcdf6007c4ef5238977d|a5030826>
    - Update CHANGELOG to point to Releases page. (#8681) osquery/osquery
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass 
    <https://github.com/osquery/osquery/commit/b3e3f3b6fefe799f61191c1ebe5f2e44f0fe1390|b3e3f3b6>
    - Update dns_resolvers documentation to point to interface_details on Windows (#8682) osquery/osquery
  • g
    1 new commit pushed to 
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass 
    <https://github.com/osquery/osquery/commit/1a4114c729b28a2f23c1c11466ab7e45ec6c9521|1a4114c7>
    - Fix build against libaudit >=4.1.1 by removing set_aumessage_mode call (#8676) osquery/osquery