I am trying to extend osquery by searching for windows event

Question

I am trying to extend osquery by searching for windows event viewer event IDs is that possible

Gavin · Answer

Yes however this is an evented table <https osquery io schema 5 0 1 windows events>

Gavin · Answer

```SELECT data FROM windows eventlog WHERE channel = Security and eventid = 4672 ``` Will show results for example where ```SELECT data FROM windows eventlog``` Will not it will need to be appropriately constrained <https github com osquery osquery blob master specs windows windows events table>