is there an extension for osquery that includes fo...
# windowsv
Vijay
05/18/2020, 9:48 PMis there an extension for osquery that includes forensics capabilities? for eg, a table that shows appcompat results?
z
zwass
05/18/2020, 9:51 PM
Polylogyx was making some osquery windows extensions with additional capabilities. Sorry I can't give you more details.
v
Vijay
05/18/2020, 9:52 PMthanks.
o
OpenPlgx
05/19/2020, 9:02 AMThanks @zwass. @Vijay, please feel welcome to look at some of the example scripts at https://github.com/polylogyx/plgx-esp-sdk/tree/master/example_scripts/advance_scripts You will find one for appcompat cache parsing too... feel welcome to move the PolyLogyx related discussion to #polylogyx-extension channel.
m
Mike Myers
05/22/2020, 6:38 PM@Vijay we also wrote an NTFS metadata table extension https://github.com/trailofbits/osquery-extensions/tree/master/ntfs_forensics
v
Vijay
05/22/2020, 6:40 PMis there a release version of it?
m
Mike Myers
05/22/2020, 6:41 PMThere hasn't been a recent binary tagged as a release, no, but it should build from source
v
Vijay
05/22/2020, 6:41 PMgreat. thanks
5 Views