Hi everyone. Have anybody seen or create a query a...
# generalw
William Guilherme
07/30/2020, 5:07 AMHi everyone. Have anybody seen or create a query able to perform geolocation? either by querying an external source or pointing a range of IPs? Thank you
s
seph
07/30/2020, 5:27 AM
There are some tables that have information that can be used for geolocation. wifi ssids, for example. Though I also think that one has gone through some changes on what apple exposes.
seph
07/30/2020, 5:28 AM
IP addresses are a bit weirder. osquery only has access to what the machine thinks it’s IP address is. not what the external IP of any NAT interfaces are.
seph
07/30/2020, 5:28 AM
So either you have a server that looks at inbound connections, you use the curl table to hit something, or you can’t reliably get external IP
d
defensivedepth
07/30/2020, 12:49 PMYou could hit an API like this to get the public IP:
z
zwass
07/30/2020, 6:13 PM
I discuss a strategy like the one suggested by @defensivedepth in https://dactiv.llc/blog/locate-assets-with-osquery/
w
William Guilherme
07/30/2020, 8:11 PMThank you gentleman. This was super helpful. Much appreciated.
3 Views