Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
d
defensivedepth
02/16/2021, 7:02 PMwould appreciate feedback
m
Mike Myers
02/17/2021, 2:41 AMIt looks good to me. What's a quick way to generate some Windows events?
also if you have a stack exchange account you can make this person's day https://stackoverflow.com/questions/64481969/why-osquery-does-not-include-computer-event-information-when-reading-windows-e
quick way to generate some Windows events?Nevermind, got it. My problem was that you have to explicitly enable the event subscriber and publisher with osquery flags:
osqueryi.exe --disable_events=false --windows_event_channels="System,Application,Setup,Security" --enable_windows_events_publisher=true --enable_windows_events_subscriber=truewindows 10j
Juan Alvarez
02/17/2021, 9:46 AMThat person is me, and yes, he made my day 😄 I was actually trying to compile something myself but i was getting lost in my noobness
😆 1
i am happy to test it in several environments when ready
I was watching the office hours video, wondering if we will be lucky enough to get this through in 4.7.0?
d
defensivedepth
02/17/2021, 1:41 PMThanks @Mike Myers! I committed a fix for the formatting issues. Havent really done much dev outside of Python & Powershell 🙂
🆒 1
@Juan Alvarez would love to see it in 4.7 as well, we will see
j
Juan Alvarez
02/17/2021, 1:52 PMI was trying to download the MSI from the pipelines to test, but it didn’t seem available yet. Then I have some env with WEC enabled to test it out if it helps