Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

a question about the yara server <https://osquery.readthedocs.io/en/stable/deployment/yara/>
"yara": {
   "signature_urls": {
     "sig_url_1": "<https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2010-0805.yar>",
     "sig_url_2": "<https://raw.githubusercontent.com/Yara-Rules/rules/master/crypto/crypto_signatures.yar>",
     "sig_url_3": "<https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_APT3102.yar>"
   }
 }

does the rule that is at that at the URL should be with quotes or without?

It has quotes, but I suggest checking the “latest” link (<https://osquery.readthedocs.io/en/latest/deployment/yara/>), because the whole format to express those url was incorrect in the wiki. The PR implementing it originally had that format but then it was changed before merging it.

i'm using osquery 4.8,
```"yara": {
  "signature_urls": [
    "<https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2010-0805>\\.yar",
    "<https://raw.githubusercontent.com/Yara-Rules/rules/master/crypto/crypto_signatures>\\.yar",
    "<https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_APT3102>\\.yar",
    "<https://raw.githubusercontent.com/Yara-Rules/rules/devel/CVE_Rules/CVE-.*>"
  ]
}```
does it still possible there?

Yes, the format never was the one on the wiki