Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

Hiya! I’m testing Trail of Bits Google :santa::skin-tone-2: extension: <https://github.com/osql/extensions/tree/master/santa>. I’m trying to write a simple query that just pulls the results of the santa_denied table that the extension adds (`select * from santa_denied`). Is there a way to add a query pack locally to a client even though it receives packs and configs via Kolide?

santa should already have a local database that has the rules stored.

if you want to see the blocked events based on run, the log also exists on the endpoint already

you are more than welcome to PM me for more info or post in <#CBMR0L7SM|extensions>