Heya - I wanted to know the best way to post FIM events to a remote API. When I try to run the query and pipe it osqueryi, nothing returns in json format. I suspect this probably isn't the best way to accomplish this (and probably because the daemon vs client scenario)... any thoughts?

You could create a logger plugin that sends the results to the remote API of your choice

Thanks I'll check it out!