Does anyone know what Osquery can do that jamf can...
# generalj
joe b
04/23/2020, 8:18 PMDoes anyone know what Osquery can do that jamf can’t do ?
f
fritz
04/23/2020, 8:46 PMQuery Windows and Linux devices
t
terracatta
04/23/2020, 8:48 PM
Joe, jamf can basically get anything with extension attributes but it tends to be a giant pain.
compare
Copy code
select serial_number from battery; Copy code
<?xml version="1.0" encoding="UTF-8"?>
<extensionAttribute>
<displayName>Battery Serial Number</displayName>
<displayInCategory>System Information</displayInCategory>
<dataType>string</dataType>
<description>This attribute returns serial number of the battery, if installed.</description>
<scriptContentsMac>#!/bin/sh
echo "<result>$(ioreg -r -c "AppleSmartBattery" | grep "BatterySerialNumber" | awk '{print $3}' | sed s/\"//g)</result>"
</scriptContentsMac>
</extensionAttribute>terracatta
04/23/2020, 8:49 PM
You are often greping/seding/awking the output of CLI tools that change frequently. In osquery, it's usually hitting the native operating system APIs
this 3
j
joe b
04/23/2020, 9:15 PMOh yeah that does sound like a pain. I rather use SQL than writing my own scripts. Thanks for the info!
13 Views