would appreciate feedback
# cored
defensivedepth
02/16/2021, 7:02 PMwould appreciate feedback
m
Mike Myers
02/17/2021, 2:41 AMIt looks good to me. What's a quick way to generate some Windows events?
Mike Myers
02/17/2021, 2:41 AMalso if you have a stack exchange account you can make this person's day https://stackoverflow.com/questions/64481969/why-osquery-does-not-include-computer-event-information-when-reading-windows-e
Mike Myers
02/17/2021, 3:05 AMquick way to generate some Windows events?Nevermind, got it. My problem was that you have to explicitly enable the event subscriber and publisher with osquery flags:
osqueryi.exe --disable_events=false --windows_event_channels="System,Application,Setup,Security" --enable_windows_events_publisher=true --enable_windows_events_subscriber=truewindows 10j
Juan Alvarez
02/17/2021, 9:46 AMThat person is me, and yes, he made my day 😄 I was actually trying to compile something myself but i was getting lost in my noobness
😆 1
Juan Alvarez
02/17/2021, 9:50 AMi am happy to test it in several environments when ready
Juan Alvarez
02/17/2021, 10:36 AMI was watching the office hours video, wondering if we will be lucky enough to get this through in 4.7.0?
d
defensivedepth
02/17/2021, 1:41 PMThanks @Mike Myers! I committed a fix for the formatting issues. Havent really done much dev outside of Python & Powershell 🙂
🆒 1
defensivedepth
02/17/2021, 1:42 PM@Juan Alvarez would love to see it in 4.7 as well, we will see
j
Juan Alvarez
02/17/2021, 1:52 PMI was trying to download the MSI from the pipelines to test, but it didn’t seem available yet. Then I have some env with WEC enabled to test it out if it helps
8 Views