https://github.com/osquery/osquery logo
Powered by
#windows
Title
# windows
c

CptOfEvilMinions

12/19/2019, 7:28 PM
You can also do the following for debugging. Open a Powershell instance as Administrator and run 
osqueryi --verbose --disable_events=false
and then run the query 
select * from *osquery_events*
and the 
powershell_events
 row should have events greater than 0.
r

R0n

12/19/2019, 7:29 PM
kool, thanks. I will try that
3 Views
Powered by