Hi everyone, I have been using OSQUERY for a long time but I haven’t had a need for this before until today. A friend of mine has asked is there a way to create unique unique process ID using osquery similar to the UUID. I know there is a UPID field but it’s empty. There are a sqlite query that could generate a uuid but that could make the query complex and i didn’t know how to generate one per process. Having that would be great to make sure you always have unique process similar to modern EDR tools . Thanks

Which table are you querying?

Proccesses table, on mac pid = upid but on windows upid was empty. I was expecting to see a uuid that makes the proccess id unique @defensivedepth

Hey @Ahmed, how did this turn out? If unresolved, maybe we could grab 15m with @Kathy Satterlee for a screenshare? Probably the fastest way to figure out what might be going on.