Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
general
- k
Kiran Nunna
03/02/2023, 5:10 PMHi Team, is there any relation between Apps and Processes table (for Mac)? We have a use-case, to determine the list of processes for a given application. - y
y0d4
03/03/2023, 11:55 AMHello, does osquery support ventura 13 macos?s- 2
- 4
- y
y0d4
03/03/2023, 4:39 PMI saw that i can read openbsm audit logs with osquery, so if i good understand osqury know to decode obsm auditd logs? if yes, is there little explanation about it? i want to integrate to Wazuh, so flow will be something like: OS command - obsm audit get that command - osquery read it and put in human readable format in results log - wazuh take that log and forward to manager (siem) - o
Oleksii Siechko
03/05/2023, 3:50 PMHello guys, Im a newbie in osquery. Look, I have a question. I need to develop osquery new custom table where I can put my data. Also, from the plugin, I need to run the bash command with sudo and output from the command put into a table. It should be running in the background. Later, from another tool that doesn't have sudo permissions grab information from osquery table. Does it possible or not?jss- 4
- 28
- d
Dmytro Liakhov
03/07/2023, 12:22 PMhey folks, I am newbie in osquery. Our team runs osquery daemon on the computers with installed Cent OS. We have some golang app which is running in the docker container and connecting to osquery using osquery socket file. And we found the issue that after reboot of the computer we can't get records from the
table using our golang app, But if we run the same query viahardware_events
- it returns such events. In the golang app it just returns empty response. This issues stops to be reproducible after I restart osquery daemon - but this trick doesn't always help. I can't see any specific errors in the logs. could somebody help to troubleshoot this issue?osqueryis- 2
- 14
- d
Dmytro Liakhov
03/07/2023, 12:24 PMI suppose it could be issue with
client library. Does somebody know how can I send command directly to execute the query to osquery socket file using for example netcat?osquery-go - s
Suryaraj Timsina
03/10/2023, 3:32 PMHi All, I was trying to build the osquery from the source and installing in the different directory in Ubuntu. It seems like CMAKE_PACKAGING_INSTALL_PREFIX is not used anywhere in the project. osquery CMake Warning: Manually-specified variables were not used by the project: _CMAKE_PACKAGING_INSTALL_PREFIX_ CMAKE _cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo \_ _-DCPACK_GENERATOR=TGZ \_ _-DOSQUERY_PACKAGE_VERSION=5.2.3 \_ _-DOSQUERY_DATA_PATH=/home/vagrant/osquery/build/package_data \_ _-DCMAKE_INSTALL_PREFIX='/opt/hello' \_ _-DOSQUERY_SOURCE_DIRECTORY_LIST='osquery-src-path;osquery-build-path' \_ ../osquery-packaging Am i the only getting this? - p
Pankaj Singh
03/12/2023, 5:44 AMHI All, I just want to know if fleet is open sourced for commercial use?c- 2
- 2
- n
nick fury
03/13/2023, 9:31 AMwhat is the oldest version of osquery that supports windows server 2022s- 2
- 2
- k
Kaushik
03/13/2023, 10:27 AMHello All, I wanted to know if there is any way to obtain CPU usage in Windows using osquery?s- 2
- 2
- w
Wyatt Xu
03/14/2023, 2:50 AMHello, OSQuery team, I found the 5.8.1 is in pre-release status for about two weeks. https://github.com/osquery/osquery/releases/ May I know when the build will be ready for formal Release? Thanks a lot!s- 2
- 1
- w
Wyatt Xu
03/14/2023, 7:36 AMHi @alessandrogario, Could you please give some schedule regarding the release time? Thanks a lot! - s
seph
03/14/2023, 5:35 PMI’m pleased to announce osquery 5.8.1 is stable! Release notes and website updates coming soon - w
Wyatt Xu
03/15/2023, 1:35 AMThanks a lot, @seph! - d
Daniel Cross
03/16/2023, 5:17 AMAnyone know if there is an
type of capability with OSQuery? I think not but maybe I’m missing a way to do this. Could be a good first contribution task for me 🤔 http://ftp.rpm.org/max-rpm/ch-rpm-verify.htmlrpm --verifys- 2
- 2
- g
github
03/17/2023, 7:55 PM[osquery:master] 1 new commit by bgirardeau-figma:
Fix username field for managed_policy table (#7944) - bgirardeau-figma<https://github.com/osquery/osquery/commit/ba4f8581f579c698b62adc426130ed8f45fe4667|ba4f858> - w
wennan.he
03/19/2023, 1:02 AMHi osquery team, could u suggest the err "database or disk is full" I c return by query "select * from listening_ports, process_open_sockets;" - m
mohit vasoya
03/20/2023, 9:16 AMwhen i add host to fleet server i got an error "localhost.localdomain fleet[6390]: 2023/03/20 13:39:56 http: TLS handshake error from 172.16.1.106:44924: remote error: tls: bad certificate".s- 2
- 2
- a
Andrew Zick
03/20/2023, 7:41 PMHi there, this might be an obvious question, but I was wondering where osquery gets the
field from on Windows, as part of theuuid
table? https://github.com/osquery/osquery/blob/ba4f8581f579c698b62adc426130ed8f45fe4667/specs/utility/osquery_info.table#L5 Does it come from here? https://github.com/osquery/osquery/blob/ba4f8581f579c698b62adc426130ed8f45fe4667/osquery/core/system.cpp#LL141C28-L141C55osquery_infom- 2
- 2
- w
wennan.he
03/20/2023, 8:32 PMcould someone help on https://osquery.slack.com/archives/C08V7KTJB/p1679187767332909?s- 2
- 5
- g
github
03/21/2023, 2:17 AM[osquery:master] 1 new commit by seph:
CHANGELOG 5.8.1 (#7957) - seph<https://github.com/osquery/osquery/commit/954159fbfc3a385887ba73861fa62dc9f42500c9|954159f> - g
github
03/21/2023, 1:11 PM[osquery:master] 1 new commit by Marcos Oviedo:
Setting COM security per interface level instead of using CoInitializeSecurity (#7963) - Marcos Oviedo<https://github.com/osquery/osquery/commit/c9a72f7ba2d2c5fb92467cd510fb73844eef3d19|c9a72f7> - g
github
03/22/2023, 2:26 AM[osquery:master] 1 new commit by bgirardeau-figma:
Fix empty results in batch logs (#7958) - bgirardeau-figma<https://github.com/osquery/osquery/commit/fa315834892682b009316538ce95ac53663f965a|fa31583> - g
github
03/22/2023, 2:28 AM[osquery:master] 1 new commit by Stefano Bonicatti:
tests: Do not always build root tests on Linux (#7966) - Stefano Bonicatti<https://github.com/osquery/osquery/commit/31697479247e82d1f159639745cc83b9dad94a61|3169747> - g
github
03/22/2023, 2:28 AM[osquery:master] 1 new commit by Stefano Bonicatti:
test: Fix SystemdUnitsTest missing the unit_file_state column (#7965) - Stefano Bonicatti<https://github.com/osquery/osquery/commit/4b4f38c638e178a428378602cc5b844296bd95d4|4b4f38c> - g
github
03/22/2023, 2:29 AM[osquery:master] 1 new commit by Stefano Bonicatti:
tests: Fix some tests becoming osquery shells (#7964) - Stefano Bonicatti<https://github.com/osquery/osquery/commit/b8d1c2071c25865706f891d1c45bde8612ba883f|b8d1c20> - g
github
03/22/2023, 2:29 AM[osquery:master] 1 new commit by Alessandro Gario:
cmake: Only link against the experiments loader when needed (#7959) - Alessandro Gario<https://github.com/osquery/osquery/commit/f9163109e297caa2a328ebef8818252e808202d9|f916310> - g
github
03/22/2023, 8:45 AM[osquery:master] 1 new commit by Stefano Bonicatti:
test: Do not always expect a row from the secureboot table (#7967) - Stefano Bonicatti<https://github.com/osquery/osquery/commit/f7feecc120564d593126f75341c3af6b048a8b9a|f7feecc> - n
Nemanja
03/22/2023, 1:32 PMHi! I am trying to figure out how to send data from FleetDM to Elastic in order to visualize it in Kibana.s- 2
- 2
Title
n
Nemanja
03/22/2023, 1:32 PMHi! I am trying to figure out how to send data from FleetDM to Elastic in order to visualize it in Kibana.
s
seph
03/22/2023, 1:33 PMI’d recommend asking that on #fleet
n
Nemanja
03/22/2023, 1:33 PMThanks, will do that!
View count: 14