Ill try to figure that out once I get the default paths because I cannot find the osquery.conf in that path at all! Is it the same as osquery.example.conf by any chance?

Where did you find osquery.example.config? If t is under the

C:\ProgramData\osquery

as @thor metioned, or under your installation folder (if you didn't install osquery in its default path), please copy & rename the file to osquery.config and use it. Also, afaik, you can use the --config_path flag when your run osqueryd to choose from where you read the config file.

The osquery.example.conf (not config) file is in C:\ProgramData\osquery @yuvalapidot Thanks about the --config_path flag. Any place I can change these so that osqueryd picks it up without me specifying it all the time?

@Bit_by_bit common deployments come with an

osquery.flags

, which specifies all of these things, there's some more information about deployments on our readthedocs (https://osquery.readthedocs.io/en/stable/deployment/configuration/) but there's not something you can set for the

config_path

to be always set, you'll need to setup a flagsfile that works for you and deploy it in some uniform way like with Chef or Puppet