Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

Hi everyone, I am trying to create an extension using cpp which communicates with the osquery via thrift api(for live querying). Any suggestions where should I start from, and is there any simple way to install the osquery library for it on windows, like vcpkg?

Hi Dhruv. You can check out the <#CBMR0L7SM|extensions> channel here, study <https://github.com/osquery/osquery/tree/master/external/examples|the example extensions>, or the extensions by Trail of Bits <https://github.com/trailofbits/osquery-extensions>

The process of building your extension is explained in the docs but it's not as easy as installing a developer library. <https://osquery.readthedocs.io/en/latest/development/osquery-sdk/>

Yeah, it seems so :stuck_out_tongue:. The examples and trail of bits extensions seem great though. Thanks for your help, Mike! :smile: