https://github.com/osquery/osquery logo
Join Slack
Powered by
# general
  • g

    GitHub

    08/06/2025, 11:27 PM
    1 new commit pushed to
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass
    <https://github.com/osquery/osquery/commit/f361b5fd739340f3b871632ec3681debef7905e0|f361b5fd>
    - Further improvement to Cursor rules (#8662) osquery/osquery
  • g

    GitHub

    08/07/2025, 4:58 PM
    1 new commit pushed to
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass
    <https://github.com/osquery/osquery/commit/4bd8782dbd678fe12be16d5e8ca7f0e275d6923b|4bd8782d>
    - Update Windows build instructions (#8661) osquery/osquery
  • k

    Klaymen

    08/10/2025, 11:12 AM
    Hi, Is it possible to get the evented tables' events live using the extension socket?
    r
    • 2
    • 1
  • k

    Klaymen

    08/10/2025, 11:12 AM
    if not, how can I get them?
  • g

    GitHub

    08/12/2025, 10:50 PM
    1 new commit pushed to
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass
    <https://github.com/osquery/osquery/commit/6e0d1dbafd58cbd417ceb04306df7ca08f1242ee|6e0d1dba>
    - Add
    entitlements
    column to macOS
    signature
    table (#8666) osquery/osquery
  • g

    GitHub

    08/12/2025, 10:50 PM
    1 new commit pushed to
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass
    <https://github.com/osquery/osquery/commit/bc67e7d9ab5a59323f7ebf55a5e549ad846141fb|bc67e7d9>
    - Add
    system_profiler
    table for macOS (#8645) osquery/osquery
  • g

    GitHub

    08/12/2025, 10:52 PM
    1 new commit pushed to
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass
    <https://github.com/osquery/osquery/commit/3f41dfb723c7db8d5ce5b6c72e3a932d646825d6|3f41dfb7>
    - Add support for VSCode forks in
    vscode_extensions
    (#8664) osquery/osquery
    👌 2
  • g

    GitHub

    08/13/2025, 6:15 PM
    1 new commit pushed to
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass
    <https://github.com/osquery/osquery/commit/95b48d60e514d64f5e3962b240906938b8d3d14a|95b48d60>
    - Fix inconsistent counter resets due to
    Config::purge()
    (#8635) osquery/osquery
  • g

    GitHub

    08/13/2025, 7:28 PM
    1 new commit pushed to
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass
    <https://github.com/osquery/osquery/commit/09d02a6ee8579d3d5bf2c87c9d749b77ab182329|09d02a6e>
    - Add table
    deb_package_files
    (#8657) osquery/osquery
  • g

    GitHub

    08/13/2025, 7:35 PM
    Release - 5.19.0 New release published by zwass ## What's Changed ### Features • Add table
    deb_package_files
    by @zwass in #8657 • Add
    system_profiler
    table for macOS by @zwass in #8645 • Add version collate to
    os_version
    table's
    version
    column by @Micah-Kolide in #8659 • Add
    entitlements
    column to macOS
    signature
    table by @zwass in #8666 • Add support for VSCode forks in
    vscode_extensions
    by @zwass in #8664 ### Bugfixes • Fix
    NSInvalidArgumentException
    when querying
    connected_displays
    by @Synse in #8628 • Fix inconsistent counter resets due to
    Config::purge()
    by @skurpad7 in #8635 • Update linux
    block_device
    and
    disk_encryption
    source data to simple sysfs implementation by @Micah-Kolide in #8182 • Fix ATC for open Firefox databases by @zwass in #8631 ### Other • libs: yara: 4.2.3 -> 4.5.4 by @LeSuisse in #8643 • Upgrading zlib to 1.3.1 by @ksykulev in #8625 • Fix build for XCode SDK 16.4 by @lucasmrod in #8640 • Update build instructions for workaround for XCode SDK > 16.3 by @lucasmrod in #8650 • Add Cursor AI editor configurations by @zwass in #8656 • Further improvement to Cursor rules by @zwass in #8662 • Update Windows build instructions by @zwass in #8661 ## New Contributors • @Synse made their first contribution in #8628 • @skurpad7 made their first contribution in #8635 Full Changelog: 5.18.0...5.19.0 osquery/osquery
  • z

    zwass

    08/13/2025, 9:33 PM
    Hey folks, osquery 5.19.0 is now available in pre-release for testing: https://github.com/osquery/osquery/releases/tag/5.19.0. Please file an issue if you run into anything!
    🎉 5
    👍 1
    f
    s
    • 3
    • 2
  • a

    Amit Shani

    08/26/2025, 1:22 PM
    QQ, I have a process that spawns osqueryd and I want my process to also be the config extension of osqueryd. If I pass
    --config_plugin=mycustomconfig
    I’ll get an error saying this plugin is unknown. The example I know to work with config plugin work the opposite way:
    Copy code
    ./osqueryd --extension /path/to/config.ext --config_plugin=mycustomconfig
    but in this case osqueryd needs to spawn the extension binary. Is there any approach in which I can run osqueryd and register myself as config plugin without making it spawn a different process?
    s
    s
    • 3
    • 6
  • i

    Irena Reedy

    08/27/2025, 2:17 PM
    🚨 Going live in 2 hours! 🚨 We are hosting Fleet Device Management Live office hours, a livestream where we answer technical questions about Fleet and work on real code live. 🕕 Starts at 9:00 AM PDT / 12:00 PM EDT / 4:00 PM GMT 🔗 Join here:

    https://www.youtube.com/watch?v=Qr6JT5414zI▾

  • g

    GitHub

    08/27/2025, 7:41 PM
    1 new commit pushed to
    <https://github.com/osquery/osquery/tree/master|master>
    by directionless
    <https://github.com/osquery/osquery/commit/fe46618d352ce25c5ac9b2218c4b540047016e3f|fe46618d>
    - Enhance issue description with automation note (#8679) osquery/osquery
  • p

    Priya Dwivedi

    09/05/2025, 8:14 AM
    currently i am doing packet sniffing so that we can develop "osquery_extension" - during packet sniffing i want to store [Date | time |domain | URL | User | source& destination IP & port| TLS_certifying_authority | TLS_protocol, ------- I am trying with scapy library, # anyone suggest which library we should use so that we can capture all these details
    s
    • 2
    • 1
  • s

    seph

    09/08/2025, 1:33 AM
    Hi folks! I'm pleased to announce 5.19.0 is stable. https://osquery.io/downloads/official/5.19.0
    🎉 3
  • g

    GitHub

    09/10/2025, 6:55 PM
    1 new commit pushed to
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass
    <https://github.com/osquery/osquery/commit/f74a51f649d1bceba43b349008ab3b4cfcf0d0b0|f74a51f6>
    - Change dependency for macOS universal binary in CI workflow (#8667) osquery/osquery
  • g

    GitHub

    09/10/2025, 11:20 PM
    1 new commit pushed to
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass
    <https://github.com/osquery/osquery/commit/a5030826256abb8a4174bcdf6007c4ef5238977d|a5030826>
    - Update CHANGELOG to point to Releases page. (#8681) osquery/osquery
  • g

    GitHub

    09/10/2025, 11:21 PM
    1 new commit pushed to
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass
    <https://github.com/osquery/osquery/commit/b3e3f3b6fefe799f61191c1ebe5f2e44f0fe1390|b3e3f3b6>
    - Update dns_resolvers documentation to point to interface_details on Windows (#8682) osquery/osquery
  • g

    GitHub

    09/11/2025, 12:49 AM
    1 new commit pushed to
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass
    <https://github.com/osquery/osquery/commit/1a4114c729b28a2f23c1c11466ab7e45ec6c9521|1a4114c7>
    - Fix build against libaudit >=4.1.1 by removing set_aumessage_mode call (#8676) osquery/osquery
  • g

    GitHub

    09/18/2025, 4:44 PM
    1 new commit pushed to
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass
    <https://github.com/osquery/osquery/commit/05ddd2b6ba90529614f1bcab199be4594820b16b|05ddd2b6>
    - libs: libarchive: 3.7.9 -> 3.8.1 (#8642) osquery/osquery
  • t

    Toni Sanmateu

    09/19/2025, 4:46 PM
    Hi! 🙂 Would really appreciate a hand on this issue 🙏 Thanks a lot in advance
  • g

    GitHub

    09/29/2025, 5:11 PM
    1 new commit pushed to
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass
    <https://github.com/osquery/osquery/commit/05b741229d91189acb019e3923c3f5075e088a3d|05b74122>
    - Add default path for CA certificate bundle on openSUSE (#8687) osquery/osquery
  • g

    GitHub

    10/03/2025, 12:40 PM
    1 new commit pushed to
    <https://github.com/osquery/osquery/tree/master|master>
    by directionless
    <https://github.com/osquery/osquery/commit/cab5fc757f3d70133061ead5a505ae07768049ab|cab5fc75>
    - Exclude config views from db migration (#8678) osquery/osquery
  • g

    GitHub

    10/07/2025, 1:07 PM
    1 new commit pushed to
    <https://github.com/osquery/osquery/tree/master|master>
    by directionless
    <https://github.com/osquery/osquery/commit/ac3b20691dac898ee63fdc7bb6e2d2eec9f61bc7|ac3b2069>
    - Stop trying to install strawberry perl on the windows CI runners (#8698) osquery/osquery
  • g

    GitHub

    10/07/2025, 1:07 PM
    1 new commit pushed to
    <https://github.com/osquery/osquery/tree/master|master>
    by directionless
    <https://github.com/osquery/osquery/commit/a34034a5bff1d4addb8d32b40dd28ec4097f34d9|a34034a5>
    - Free diskspace on linux CI runners (#8697) osquery/osquery
  • g

    GitHub

    10/07/2025, 5:33 PM
    1 new commit pushed to
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass
    <https://github.com/osquery/osquery/commit/56473dc9fd428e5de2e1eb11078de152bcce544d|56473dc9>
    - Make
    vscode_extensions
    more consistently report UUID (#8693) osquery/osquery
  • g

    GitHub

    10/07/2025, 5:34 PM
    1 new commit pushed to
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass
    <https://github.com/osquery/osquery/commit/181ac85d48542de41c8bb10e60713ef9c6018b81|181ac85d>
    - Don't overwrite hardware_version if it has a value (#8690) osquery/osquery
  • g

    GitHub

    10/07/2025, 5:42 PM
    1 new commit pushed to
    <https://github.com/osquery/osquery/tree/master|master>
    by zwass
    <https://github.com/osquery/osquery/commit/9fdcd51bb2cbfc81b487cf9bc48f3b3aa2226bbb|9fdcd51b>
    - Support
    nvm
    on
    npm_packages
    table (#8694) osquery/osquery
  • z

    zwass

    10/08/2025, 4:20 PM
    Whoops, we accidentally posted promotional content into this channel rather than #C01DXJL16D8. Sorry about that. Now deleted.
    ty 1