For osquery 5, does it / will it require a System ...
# macosn
natewalck
09/15/2021, 6:35 PMFor osquery 5, does it / will it require a System Extension to interface with the Endpoint Security API ?
z
zwass
09/15/2021, 6:56 PM
There's no system extension. The osquery binary is now packaged inside a .app bundle that has the appropriate entitlement to interface with the ES API. You shouldn't need to push a profile to allow that, though do note that you may need to update your Full Disk Access profile given the change in osquery install path.
👍 2
n
natewalck
09/15/2021, 7:03 PMCool. It was a little jarring to see the .app and no system extension 🙂
natewalck
09/15/2021, 7:03 PMCrowdstrike, santa, et all use the SystemExtension since they need to take action I guess vs read only on osquery
6 Views