Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
c
CAN KANSIN
05/16/2018, 11:06 PMHi all, I was checking how osquery gets events from windows. I found that it is getting events with EVT_SUBSCRIBE_CALLBACK.
But I also saw some wmi codes in osquery. But I cannot see any use of these wmi codes for event subscription. Only using stringToWstring(confusing #include of wmi?)
Am I right about: there is no wmi event subscription but only EVT_SUBSCRIBE_CALLBACK? Or am I missing something? Thanks 🙂
t
thor
05/17/2018, 2:43 PMThat’s right, we only have two event subscribers on Windows, both of which use the evt subscribe api
c
CAN KANSIN
05/17/2018, 4:34 PM☺️