https://github.com/osquery/osquery logo
Powered by
Title
a

arod

03/03/2021, 1:08 PM
Does anyone know if it's possible to retrieve query results from an API. Let's say I want to use the API to do 
SELECT * FROM users;
-> Receiving a response with JSON? https://github.com/fleetdm/fleet/blob/master/docs/1-Using-Fleet/3-REST-API.md#run-live-query This only returns a "query campaign". Or I'm I missing something. I'd like the results over the API.
z

zwass

03/03/2021, 4:25 PM
Yes, you need to hit a different endpoint for the results, which is not yet documented. See https://github.com/fleetdm/fleet/blob/master/frontend/kolide/websockets.js or https://github.com/fleetdm/fleet/blob/master/server/service/client_live_query.go#L90-L168 for how we do that.
a

arod

03/03/2021, 4:31 PM
Thanks @zwass Would you say it's similar to this: https://github.com/CptOfEvilMinions/BlogProjects/blob/master/kolide-api-ansible/kolide_websocket_client.py
z

zwass

03/03/2021, 4:31 PM
Yes, this looks like a Python client for the live query API.
1
2 Views
#fleetJoin Slack
Powered by