Julian Scala09/11/2020, 6:33 PM
represents? I am trying to figure a query that gets either if Bitlocker is enabled or not. I was using that column to be
as Bitlocker is enabled but now I am seeing results with
but Bitlocker is in fact enabled.
farfella09/26/2020, 10:31 PM
William Guilherme10/05/2020, 9:12 PM
*SELECT* firewall, autoupdate, antivirus, antispyware, internet_settings, windows_security_center_service, user_account_control *FROM* windows_security_center *WHERE* firewall *LIKE 'Good' AND* autoupdate *LIKE 'Good' AND* antivirus *LIKE 'Good' AND* antispyware *LIKE 'Good' AND* internet_settings *LIKE 'Good' AND* windows_security_center_service *LIKE 'Good' AND* user_account_control *LIKE 'Good';*
ApoC10/15/2020, 9:32 AM
duongtt10/19/2020, 6:49 AM
So, this will be resulted as uuid from
. But now, I would like to send my own id, ex:
select uuid from system_info
This will make the osquery use
to fill in
field. In summary, could I send my own id for this
field? and how could I do that? Thank you very much!
Tej Gandhi10/19/2020, 3:06 PM
koba10/20/2020, 9:45 AM
as a process I am able to enroll my windows host. But when i configure a
. Same host doesn't come online in my Kolide web console. I have also enabled
as described here. Event logs also doesn't show any entries. Where to look for further troubleshooting? PS: I'm using
Windows Event Log support
for configuring the my service.
mbmy10/26/2020, 8:26 PM
mbmy10/26/2020, 8:27 PM
Tej Gandhi10/27/2020, 2:38 PM
Tej Gandhi10/28/2020, 3:24 PM
Pete11/03/2020, 4:11 PM
sundsta11/09/2020, 7:42 PM
Magneto11/12/2020, 11:17 PM
Ahmed Awadelkarim11/23/2020, 2:03 PM
I installed osquery as a service
W1123 14:02:02.860316 1260 tls.cpp:101] Cannot read TLS server certificate(s): 'C:\Program files\osquery\certs\<cert_pem>' W1123 14:02:02.875946 1260 tls_enroll.cpp:77] Failed enrollment request to https://<tls_host_fqdn>/osquery/enroll (Request error: certificate verify failed) retrying...
choco install osquery --params=/InstallService
clong12/02/2020, 7:35 PM
sigfile LIKE 'c:\path\to\yara\%.yar
clong12/02/2020, 8:08 PM
I don't know why osquery seems to think i'm passing in some garbage arguments or something.
PS C:\Windows\System32\WindowsPowerShell\v1.0> osqueryi osqueryi : Error: incomplete SQL: ∩╗┐
Luke R12/04/2020, 7:07 PM
fritz12/09/2020, 2:03 PM
if(NOT SKIP_TSK AND NOT WINDOWS) list(APPEND TABLE_CATEGORIES "sleuthkit") endif()
fritz12/09/2020, 2:14 PM
SK12/21/2020, 11:28 AM
with any path or file doesn't seem to give any results.
select * from ntfs_acl_permissions where path LIKE
Brandon12/31/2020, 5:38 PM
? How are you going about it since
missing windows patches
table only return installed patches
himanshu01/08/2021, 7:40 AM
please confirm if i am missing something. thanks.
Error: no such table: atom_packages
Jordi Garcia01/08/2021, 6:03 PM
asparamancer01/15/2021, 4:29 PM
via osqueryi it returns
select user_account_control as value from windows_security_center;
, but when run from a tls config it consistently returns
I've checked these within a few minutes of the query running, anyone seen this?
arod02/02/2021, 11:55 PM
select * from powershell_events;