Hi everyone, I have been using OSQUERY for a long ...
# fleeta
Ahmed
01/16/2023, 11:26 AMHi everyone, I have been using OSQUERY for a long time but I haven’t had a need for this before until today. A friend of mine has asked is there a way to create unique unique process ID using osquery similar to the UUID. I know there is a UPID field but it’s empty.
There are a sqlite query that could generate a uuid but that could make the query complex and i didn’t know how to generate one per process.
Having that would be great to make sure you always have unique process similar to modern EDR tools .
Thanks
Ahmed
01/16/2023, 11:28 AM@mikermcneil / @zwass would be great to see input from you on this and fleet team!
d
defensivedepth
01/16/2023, 3:17 PMWhich table are you querying?
a
Ahmed
01/16/2023, 3:32 PMProccesses table, on mac pid = upid but on windows upid was empty. I was expecting to see a uuid that makes the proccess id unique @defensivedepth
m
mikermcneil
06/14/2023, 1:52 AMHey @Ahmed, how did this turn out? If unresolved, maybe we could grab 15m with @Kathy Satterlee for a screenshare? Probably the fastest way to figure out what might be going on.