For osquery 5 does it will it require a System Extension to

Question

For osquery 5 does it will it require a System Extension to interface with the Endpoint Security API

zwass · Answer

There s no system extension The osquery binary is now packaged inside a app bundle that has the appropriate entitlement to interface with the ES API You shouldn t need to push a profile to allow that though do note that you may need to update your Full Disk Access profile given the change in osquery install path

natewalck · Answer

Cool It was a little jarring to see the app and no system extension slightly smiling face

natewalck · Answer

Crowdstrike santa et all use the SystemExtension since they need to take action I guess vs read only on osquery