Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
s
seph
05/03/2020, 11:48 PMI did a little bit of work with an extensions to replay data for testing. But I got hung up on duplicate table names and didn't revisit it.
s
SK
05/04/2020, 7:24 AMHey @seph I was thinking if there was a way to replay Windows Event logs in a VM, we might at least be able to check the "windows_events" possibly also the "powershell_events table". But this will become more useful when OSQuery can parse the data column and put all data in separate fields. Hopefully this will do that https://github.com/osquery/osquery/pull/6280/commits/b8a1c68afd2678988fc311c7a4e692f90d111bec
s
seph
05/04/2020, 11:03 AMI don't know windows well enough to know if there are good replay opportunities