Guys, I'm pretty new to osquery, and wanted to ask...
# generaly
Yury Gorshkov
08/15/2023, 2:21 PMGuys, I'm pretty new to osquery, and wanted to ask a few Q's. We're using FleetDM at the moment.
• On Windows, can I get an alert if there was a recent detection by Defender?
• On Linux (Ubuntu Unity/Gnome), maybe somebody does have a query that can show if the screen lock timeout is set up?
s
seph
08/15/2023, 2:44 PM
If these are #C01DXJL16D8 specific questions, you want #C01DXJL16D8
seph
08/15/2023, 2:45 PM
For general osquery, I’m not sure how windows defender works. that sounds maybe it’s in an event log somewhere?
for gnome, I’m not sure how to find the screenlock timeout. I know how to get it via an exec (and this is what Kolide does) And I kinda know how to get it if you stitch together a bunch of files. But I don’t think plain osquery supports it, and I don’t know what Fleet is doing
y
Yury Gorshkov
08/15/2023, 3:01 PMI know Vanta can grab screen lock timeout from Ubuntu machines 🙂
s
seph
08/15/2023, 3:03 PM
I know vanta ships an extension. I don’t know what it does under the hood, or how accurate it is.
s
sharvil
08/15/2023, 4:09 PMI wonder if there is a dbus API
2 Views