https://github.com/osquery/osquery logo
Powered by
#general
Title
# general
j

joe b

04/23/2020, 8:18 PM
Does anyone know what Osquery can do that jamf can’t do ?
f

fritz

04/23/2020, 8:46 PM
Query Windows and Linux devices
t

terracatta

04/23/2020, 8:48 PM
Joe, jamf can basically get anything with extension attributes but it tends to be a giant pain. compare
Copy code
select serial_number from battery;
to...
Copy code
<?xml version="1.0" encoding="UTF-8"?>
<extensionAttribute>
	<displayName>Battery Serial Number</displayName>
	<displayInCategory>System Information</displayInCategory>
	<dataType>string</dataType>
	<description>This attribute returns serial number of the battery, if installed.</description>
	<scriptContentsMac>#!/bin/sh

echo "<result>$(ioreg -r -c "AppleSmartBattery" | grep "BatterySerialNumber" | awk '{print $3}' | sed s/\"//g)</result>"
	</scriptContentsMac>
</extensionAttribute>
You are often greping/seding/awking the output of CLI tools that change frequently. In osquery, it's usually hitting the native operating system APIs
this 3
j

joe b

04/23/2020, 9:15 PM
Oh yeah that does sound like a pain. I rather use SQL than writing my own scripts. Thanks for the info!
8 Views
Powered by