I’ve been itching to write a plugin table that tal...
# generalg
groob
10/04/2018, 5:45 PM
I’ve been itching to write a plugin table that talks to WMI 😄
i
Ian Fernandez
10/04/2018, 5:46 PMIs that you that is trying to write this?
t
thor
10/04/2018, 5:54 PM
Why not in core? 😄 ❤️ Please don't say lockdown >.>
g
groob
10/04/2018, 5:57 PM
go has a decent library for WMI i think
groob
10/04/2018, 5:58 PM
I dont like sticking things in core until they’re proven both in terms of need and in terms of stability of the APIs I’m calling
😍 1
groob
10/04/2018, 6:00 PM
@thor check out some of the crazy tables @fritz has been adding lately 😄 https://github.com/kolide/launcher/pulls
t
thor
10/04/2018, 6:10 PM
Ah I see. Nah I meant like, I'd really love to have a way of speaking to WMI directly via osquery, so gut how we currently do things, and make an interface table or something that just passes queries through directly to WMI. The hardest part that I could never really sort out is the dynamic typing of things coming back. We could do it with just everything presumed to be a string, and then handle the typing on the backend, but I've never liked that answer. That being said, I also don't super love the current WMI abstraction either 😕
f
fritz
10/04/2018, 6:22 PMI would love to see an interface similar to mdfind's current implementation of passing a query. Typing doesn't worry me so long as you could cast the results, (ATC returns everything as strings)
fritz
10/04/2018, 6:23 PMI wonder if you could return whatever the results were as just a JSON blob?
t
thor
10/04/2018, 7:53 PM
Possibly. Might be something worth taking a stab at....
f
fritz
10/04/2018, 9:15 PMThe advantage to that is you wouldn't lose potential relational context by flattening everything into strings
fritz
10/04/2018, 9:15 PMWhich is something the
plist