For osquery 5, does it / will it require a System Extension to interface with the Endpoint Security API?
09/15/2021, 6:56 PM
There's no system extension. The osquery binary is now packaged inside a .app bundle that has the appropriate entitlement to interface with the ES API. You shouldn't need to push a profile to allow that, though do note that you may need to update your Full Disk Access profile given the change in osquery install path.