https://github.com/osquery/osquery logo
Powered by
Title
z

Zachary Case

02/02/2022, 8:19 PM
👋 hey folks, I saw this video https://asciinema.org/a/302647 on 
process_dns_events
table in osquery and I think I remember it being mentioned before in an office hours call, is this something that is/will be added to osquery?
a

alessandrogario

02/02/2022, 10:54 PM
Hey Zachary! I ended up not implementing it since it requires a uprobe to trace glibc
So the major problem there is that if you run a binary that does not use the glibc installed on the system, or has a statically linked glibc
You won't be able to capture it because it will not trigger the uprobe
A dns resolution could also happen with a direct query via socket
6 Views
#generalJoin Slack
Powered by