Grigory Emelianov
06/23/2023, 1:48 PM
allister
06/23/2023, 2:14 PM
allister
06/23/2023, 2:17 PM
ioreg (which is where I’m assuming the value is being pulled from by the table)?
oneiroi
07/11/2023, 12:05 PM
apps table (macOS) && is handling the version comparison differently thanks !
Anuj Kharbanda
07/28/2023, 11:53 AM
unified_log table.
However, the problem is that this table returns data from earliest to latest and in patches of 100, so using "ORDER BY" does not work as expected for the entire data. Even if I try to use a normal query or paginate the response, it still fetches older data first.
Is there a way I can achieve this? (Fetch latest 100 logs from Unified logs)
Thanks !!
np5
08/02/2023, 10:03 AM
np5
08/02/2023, 10:03 AM
np5
08/02/2023, 10:03 AM
<dict>
    […]
    <key>PayloadType</key>
    <string>com.apple.system-extension-policy</string>
    <key>AllowUserOverrides</key>
    <true/>
    <key>AllowedSystemExtensions</key>
    <dict>
        <key>EQHXZ8M8AV</key>
        <array>
            <string>com.google.santa.daemon</string>
        </array>
    </dict>
    <key>AllowedSystemExtensionTypes</key>
    <dict>
        <key>EQHXZ8M8AV</key>
        <array>
            <string>EndpointSecurityExtension</string>
        </array>
    </dict>
</dict>
+-----------------------------------+--------------------------------------+-----------------------------+--------------+---------------------------+----------+--------+
| domain | uuid | name | key | value | username | manual |
+-----------------------------------+--------------------------------------+-----------------------------+--------------+---------------------------+----------+--------+
| com.apple.system-extension-policy | 00000000-0000-0000-0000-000000000000 | AllowUserOverrides | | 1 | | 0 |
| com.apple.system-extension-policy | 00000000-0000-0000-0000-000000000000 | AllowedSystemExtensions | EQHXZ8M8AV.0 | com.google.santa.daemon | | 0 |
| com.apple.system-extension-policy | 00000000-0000-0000-0000-000000000000 | AllowedSystemExtensionTypes | EQHXZ8M8AV.0 | EndpointSecurityExtension | | 0 |
+-----------------------------------+--------------------------------------+-----------------------------+--------------+---------------------------+----------+--------+
np5
08/02/2023, 10:17 AM
Kathy Satterlee
08/09/2023, 11:09 PM
config.pvs for a Parallels VM with osquery? Working on grabbing performance data for VMs and would like to grab CPU, RAM and disk allocation settings along with the other data I'm grabbing about the running process.
Steve Poe
09/02/2023, 3:12 AM
Mike Krygier
09/23/2023, 1:03 AM
allister
09/23/2023, 2:07 PM
Mehmet
09/27/2023, 10:51 AM
signature table works on macOS in terms of the validation of a signature. I have a binary which has a valid ad-hoc signature (no team identifier and authority is available). I would expect the is_signed value to be 0, but I'm getting 1. Is it an expected behavior for being signed when there is a valid signature without team identifier and authority?
Jakob Magun
10/03/2023, 10:56 AM
Gary
10/03/2023, 7:15 PM
select * from disk_encryption; query, it doesn't seem to give me the correct result for encryption_status and filevault_status. How can I fix this issue? Thanks.
Guilherme Monteiro
10/05/2023, 11:51 AM
Akash Patel
10/06/2023, 4:31 PM
Priya Jagyasi
10/09/2023, 10:15 AM
allister
10/09/2023, 11:17 AM
Mehmet
10/11/2023, 8:13 AM
allister
10/11/2023, 9:01 AM
Jakob Magun
10/15/2023, 10:53 AM
wdavdaemon process is running but this will not assure that realtime protection is actually enabled. The command mdatp health provides status information. Any ideas for a solution?
Glen
10/25/2023, 2:47 PM
bioutil command, but that isn’t great for change detection. Maybe there’s a way to query changes via asl logging? Asking here because possibly someone has already figured this out?
Kiwito
11/01/2023, 5:35 PM
tlark
11/09/2023, 4:34 PM
Scott Bonar
11/20/2023, 6:38 PM
Rafa Bono
11/30/2023, 9:43 AM
crontab table is returning nothing. But having results by running crontab -l. Am I missing anything?
lvferdi
12/06/2023, 3:22 PM
allister
12/06/2023, 3:27 PM