Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
n
natewalck
09/15/2021, 6:35 PMFor osquery 5, does it / will it require a System Extension to interface with the Endpoint Security API ?
z
zwass
09/15/2021, 6:56 PMThere's no system extension. The osquery binary is now packaged inside a .app bundle that has the appropriate entitlement to interface with the ES API. You shouldn't need to push a profile to allow that, though do note that you may need to update your Full Disk Access profile given the change in osquery install path.
👍 2
n
natewalck
09/15/2021, 7:03 PMCool. It was a little jarring to see the .app and no system extension 🙂
Crowdstrike, santa, et all use the SystemExtension since they need to take action I guess vs read only on osquery