Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
a
ag4ve
09/29/2022, 8:35 PMso, that talk where the guy showed a ./query-bpf (which I searched for and couldn’t find) that created and deployed a program and filter and showed the events - that’s possible in osquery?
think it was the talk about writing viaual bpf programs - i don’t much care about the visual part though, but being able to write a query and have everything deployed and get feedback sounds really slick
z
zwass
09/29/2022, 9:24 PMThis was something I asked @alessandrogario about in office hours this week. He says it will be possible to allow dynamic ebpf programs to be loaded in osquery (don't think there's a timeline yet).
a
alessandrogario
09/29/2022, 9:26 PMRelated https://asciinema.org/a/419326