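class MyTablePlugin(osquery.TablePlugin):
    """Example osquery table plugin that serves a static two-column table.

    The table is registered as ``foobar2`` with two STRING columns, ``foo``
    and ``baz``. Every ``generate`` call also runs a small diagnostic query
    against a freshly spawned osquery instance and prints the rows to stdout.
    """

    def name(self):
        """Return the name under which this table is registered."""
        return "foobar2"

    def columns(self):
        """Return the table schema: STRING columns ``foo`` and ``baz``."""
        return [
            osquery.TableColumn(name="foo", type=osquery.STRING),
            osquery.TableColumn(name="baz", type=osquery.STRING),
        ]

    def query_table(self):
        """Spawn an osquery instance, query two processes and print them.

        Best-effort diagnostic: nothing is returned, and any failure is
        printed and swallowed so that the caller can still build its rows.
        """
        try:
            # Spawn an osquery process using an ephemeral extension socket.
            # NOTE(review): generate() calls this method on every table
            # query, so each query of the table starts another osquery
            # process -- confirm that cost is intended.
            instance = osquery.SpawnInstance()
            instance.open()  # This may raise an exception

            # Issue the query through the osquery Thrift API.
            results = instance.client.query(
                "SELECT name, path, pid FROM processes limit 2"
            )
            if results.status.code != 0:
                print("Error running the query: %s" % results.status.message)
                # Return instead of calling sys.exit(1): SystemExit is not an
                # Exception subclass, so it would escape the handler below
                # and the one in generate(), and a failed diagnostic query
                # would end the caller instead of being reported.
                return

            # NOTE(review): process names, paths and PIDs are written to
            # stdout; check where the extension's stdout is collected.
            for row in results.response:
                print("=" * 80)
                for key, val in row.items():
                    print("%s => %s" % (key, val))
            if results.response:
                print("=" * 80)  # closing rule, only when rows were printed
        except Exception as err:
            print("Error " + str(err))

    def generate(self, context):
        """Return the rows of the table.

        Args:
            context: Query context passed in by the caller; not used here.

        Returns:
            A list of two identical rows, ``{"foo": "bar", "baz": "baz"}``,
            or an empty list if building the rows failed.
        """
        try:
            self.query_table()
            return [{"foo": "bar", "baz": "baz"} for _ in range(2)]
        except Exception as err:
            print("Error " + str(err))
            # Return an empty result rather than falling through to an
            # implicit None, so that every path hands back a list.
            return []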