Is there any support of `osquery tables for windows` command osquery #general

Is there any support of `osquery tables for window...

Zweasta

06/19/2020, 3:33 PM

Is there any support of

osquery tables for windows

command "`netsh firewall show state`" ?

Mike Myers

06/19/2020, 6:23 PM

Trail of Bits has an extension that you might be interested in

Mike Myers

06/19/2020, 6:23 PM

https://github.com/trailofbits/osquery-extensions/tree/master/fwctl

Zweasta

06/19/2020, 8:27 PM

@Mike Myers Thanks for this.. I am having a problem with building the osquery with the extensions.. Can you help ?

Zweasta

06/19/2020, 9:03 PM

@Mike Myers Also I used fwctl extension, it has 2 tables associated to HOST and PORT blocking. However its like using those tables to configure the firewall, but the problem is

how can I see all the open ports using fwctl

Mike Myers

06/22/2020, 10:08 PM

There may be an issue that needs fixing, if you can report it here we will revisit this repo soon. https://github.com/trailofbits/osquery-extensions/issues

Mike Myers

06/22/2020, 10:10 PM

I think the design of the extension may not allow you to answer the question

how can I see all the open ports

if that would require interpreting all of the existing firewall rules. Our extension might only list the things that are explicitly blocked.

Zweasta

06/23/2020, 2:10 AM

@Mike Myers Do you guys plan on implementing such a feature like

showing all the open ports by interpreting all the firewall rules

Mike Myers

06/23/2020, 4:41 PM

There are no plans for additional development on those extensions at the moment, no

Zweasta

06/23/2020, 6:38 PM

Okay..

3 Views

Open in Slack

Previous Next