Channels
#kolide
Title
# kolide
t
Tim
03/06/2020, 6:40 PMI'm having some trouble writing a query to create a label. There's a specific process that should be running on everything in my fleet, I want to return and systems that DO NOT have that process running. Any help or direction is appreciated.
z
zwass
03/06/2020, 8:17 PM
Copy code
osquery> SELECT 1 WHERE 'osqueryd' NOT IN (SELECT name FROM processes);
osquery> SELECT 1 WHERE 'mysqld' NOT IN (SELECT name FROM processes);
+---+
| 1 |
+---+
| 1 |
+---+Does this idea make sense? Return a result when the process is not running, return no result if the process is running.
t
Tim
03/06/2020, 10:11 PMyeah that makes perfect sense, thanks a ton
z
zwass
03/07/2020, 2:04 AM
You're welcome, good luck!
4 Views