Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
v
Vijay
05/18/2020, 9:48 PMis there an extension for osquery that includes forensics capabilities? for eg, a table that shows appcompat results?
z
zwass
05/18/2020, 9:51 PMPolylogyx was making some osquery windows extensions with additional capabilities. Sorry I can't give you more details.
v
Vijay
05/18/2020, 9:52 PMthanks.
o
OpenPlgx
05/19/2020, 9:02 AMThanks @zwass. @Vijay, please feel welcome to look at some of the example scripts at https://github.com/polylogyx/plgx-esp-sdk/tree/master/example_scripts/advance_scripts You will find one for appcompat cache parsing too... feel welcome to move the PolyLogyx related discussion to #polylogyx-extension channel.
m
Mike Myers
05/22/2020, 6:38 PM@Vijay we also wrote an NTFS metadata table extension https://github.com/trailofbits/osquery-extensions/tree/master/ntfs_forensics
v
Vijay
05/22/2020, 6:40 PMis there a release version of it?
m
Mike Myers
05/22/2020, 6:41 PMThere hasn't been a recent binary tagged as a release, no, but it should build from source
v
Vijay
05/22/2020, 6:41 PMgreat. thanks