osquery check which file a currently reading by vi I m trying to figure how to build a request in osquery to find which file is currently reading by vi. I think my base request is something like this (I have found this example googling around) but I m not really understand how to modify it to fit my needs select a.key,a.value,b.pid,b.name from process_envs as a join processes as b where a.pid=b.pid and a.key='XXXXXX'; 1.I think I have to keep processes table but I m not sure for the other one 2. As far as I understand this request it seems...

This URL 404s.