Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

anything flashed :slightly_smiling_face:?

yes! the "core" process should call each extension's `shutdown` thrift API if you implement it: <https://github.com/facebook/osquery/blob/master/osquery/extensions/extensions.cpp#L161>

The C++ extensions should implement that by default: <https://github.com/facebook/osquery/blob/master/osquery/extensions/interface.cpp#L76>

ah ok, I was trying to bubble it up to the extension level. So can I override the default?

I tried Initializer.installShutdown() but that didn't do the trick