Questions tagged [osquery]

osquery is an open-source, cross-platform endpoint security monitoring and system information tool. It is either run locally in an interactive command-line session (osqueryi), or deployed as a daemon (osqueryd) that runs scheduled queries and reports their results to a logging destination of the user's choice. It exposes OS-level data (processes, users, packages, files, network connections and so on) as virtual SQL tables, so the data can be explored and correlated with ordinary relational queries.

Tagging Recommendation

Use the osquery tag for all osquery-related questions. If your question includes issues specific to a particular operating system platform, you can include a tag like windows, macos, or linux. osquery is an extensible tool for gathering OS-level system information; many development issues are as much related to the intricacies of platform APIs as they are to osquery itself.

If your question is mainly about the SQL language and its syntax, the sql tag may also be appropriate.

Other osquery Resources

osquery main site

osquery user and developer documentation

osquery community Slack chat

osquery's GitHub source code repository

78 questions
0 votes, 1 answer

Could not connect to any of ['/tmp/pyosqsockndnbir6z'] in osquery-python

Could not connect to any of ['/tmp/pyosqsockndnbir6z'] Encountering this error in Sentry repeatedly. Also, it is raised after the below subprocess command. I haven't executed the below command in my code. /usr/bin/osqueryd --extensions_socket…
0 votes, 2 answers

Installation of Electronjs app with osquery

I am new to electron and I want to build an electron installer for all platforms (Mac, Linux, Windows, etc.), which I am able to do. This electron app would use osquery to grab some information from the user's system. So I want to install and run osquery,…
0 votes, 1 answer

Using osquery sdk (in the form of dll) on Windows

I am trying to use the osquery SDK on Windows. Does it have any DLL which can be loaded in my process? It's not very clear from the documentation. Any pointers will help.
Baab
0 votes, 1 answer

osquery on-demand yara scan Error: no such column: pattern

I'm trying to run an on-demand yara scan in osqueryi using 'pattern' constraints, but that column is not there and I get the error below. Am I missing something on how to use pattern constraints? select * from yara where pattern="/bin/%sh" and…
Ben
0 votes, 1 answer

Using osquery to modify or kill processes, etc.

From what I read, osquery is used for querying / reading the system information. By any chance, does it have a facility to modify the system state, like killing a process or deleting a registry key? I am using osqueryi commands like select * from users…
Baab
0 votes, 3 answers

Osquery SQL - searching for executables

I need some help. What syntax do I use to search for executables using osquery? For example, I am looking for winword.exe, excel.exe. Thanks in advance.
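An added example, not part of the question above or of any posted answer: three ways to look for winword.exe and excel.exe with osquery on Windows. The Office install path is an assumption for a default Office 2016+ layout; adjust it for your estate. The point a practitioner should take away is the third query: a process named winword.exe is not necessarily Word, so check the hash and the Authenticode signature of the image, not just the name.

```sql
-- Added example (not from the original question). Column and table names
-- are from the osquery schema; the Office path is assumed.

-- 1. Running instances, matched case-insensitively on the process name.
SELECT pid, name, path, cmdline, parent
FROM processes
WHERE LOWER(name) IN ('winword.exe', 'excel.exe');

-- 2. On disk. The file table needs a path or directory constraint and
--    will not walk the whole filesystem for you. A single '%' matches one
--    directory level; '%%' would recurse.
SELECT path, size, datetime(mtime, 'unixepoch') AS modified
FROM file
WHERE path LIKE 'C:\Program Files\Microsoft Office\root\Office16\%'
  AND LOWER(filename) IN ('winword.exe', 'excel.exe');

-- 3. Verify what is actually running: hash and signature of the image.
--    Anything named winword.exe that is unsigned, or signed by someone
--    other than Microsoft, deserves a closer look.
SELECT p.pid, p.path, h.sha256, a.subject_name, a.result
FROM processes p
JOIN hash h ON h.path = p.path
LEFT JOIN authenticode a ON a.path = p.path
WHERE LOWER(p.name) IN ('winword.exe', 'excel.exe');
```

Backslashes are literal in osqueryi; if you move any of these into a JSON config file, double them (`C:\\Program Files\\...`).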
0 votes, 1 answer

Can osquery generate apt package information like it does rpm?

I'm looking to generate lists of apt package versions for specific packages, like sudo, ssh, etc. osquery seems to have an option to generate this with rpm_packages; however, I can find no mention of apt_packages. I don't mean apt_sources, and the apps…
BDM
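An added example, not part of the question above or of any posted answer: the dpkg/apt counterpart of rpm_packages is the deb_packages table. Column names are from the osquery schema; the package list and the version threshold are illustrative. Note that rpm_packages and deb_packages each exist only on their own platform, so in a query pack schedule them with the appropriate "platform" value rather than expecting one query to work everywhere.

```sql
-- Added example (not from the original question). Package names and the
-- version value are illustrative only.

-- Versions of a few packages you probably care about.
SELECT name, version, arch, status
FROM deb_packages
WHERE name IN ('sudo', 'openssh-server', 'openssh-client', 'openssl');

-- Everything that is not cleanly installed (half-configured, removed but
-- with config files left behind, and so on). Handy as a hygiene check.
SELECT name, version, status
FROM deb_packages
WHERE status != 'install ok installed';

-- Caveat: dpkg versions do not sort as strings. In SQLite's string
-- comparison '1.10.0-1' < '1.9.5p2-3' is TRUE, so a threshold like the one
-- below can both under- and over-report. Treat it as a rough filter and do
-- the real comparison (dpkg --compare-versions) in the pipeline that
-- consumes the logs.
SELECT name, version
FROM deb_packages
WHERE name = 'sudo' AND version < '1.9.5p2';
```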
0 votes, 1 answer

Is it possible to add the description or other custom field to query result log?

I have the following scheduled query in combination with a TLS plugin logger. "vssadmin.exe": { "query": "select * from file WHERE directory = 'C:\\Windows\\Prefetch\\' and filename like '%vssadmin%';", "interval": 600, …
Henk Jan
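An added example, not part of the question above or of any posted answer: osquery's result log carries the query name and the result rows, nothing else per query, so the simplest way to push a description or a tag through to the logger is to select it as a literal column. The literal values below are illustrative. Because the literal is identical on every run it does not disturb differential logging; host-level fields (hostname, UUID and the like) are better supplied through the "decorators" section of the config, which appends them to every log line.

```sql
-- Added example (not from the original question). The description and
-- category strings are illustrative; any value you want in the log works.
-- In osqueryi backslashes are literal; in the JSON config they must be
-- doubled, as in the question.
SELECT
  'vssadmin.exe prefetch entry' AS description,
  'backup-tampering'            AS category,
  path,
  filename,
  size,
  datetime(mtime, 'unixepoch')  AS modified
FROM file
WHERE directory = 'C:\Windows\Prefetch\'
  AND filename LIKE '%vssadmin%';
```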
0 votes, 1 answer

Failed to connect osquery from Windows Server to Kolide Fleet

I am trying to connect osquery on Windows Server to Kolide Fleet. The osqueryd service was created successfully, but nothing appears on my Kolide Fleet dashboard. I created the service through: sc.exe create osqueryd type= own start= auto error= normal binpath=…
IamNewbie
0 votes, 2 answers

osquery extension in Ruby - create new table

I'm trying to implement an extension for osquery in Ruby. I found some libs and examples doing the same in Java, Node and Python, but nothing helpful implemented in the Ruby language. According to this documentation, it's possible to generate the code…
Alberto Anderick Jr
0 votes, 1 answer

Running a process messes up shell

I need to run a process called osqueryi before I run my app, and kill that process when shutting down. (It is kind of a daemon which can be queried. I need it to be running in order for my app to work.) func bootOsqueryi(strcmd string) { cwd,…
transient_loop
0 votes, 1 answer

Using osquery wildcards for multi-level patterns

I am using osquery v4.1.1 to monitor file events on a ubuntu box. $ osqueryi --line "SELECT version, build, platform FROM os_version;" version = 16.04.3 LTS (Xenial Xerus) build = platform = ubuntu $ osqueryi --line "SELECT version from…
prateeknischal
0 votes, 2 answers

memory_map does not give expected results in Linux

The query .all memory_map on the Linux system gives unexpected results: start memory location = 0x00000000 as well as end memory location = 0x00000000 for all the attributes. Does it just seem weird? Operating System: Kali Linux osquery version:…
Jishan Shaikh
0 votes, 1 answer

differential osquery query output to "catchall" topic

I'm using osquery to monitor servers on my network. The following osquery.conf captures snapshots, every minute, of the processes communicating over the network ports and publishes that data to Kafka: { "options": { "logger_kafka_brokers":…
Alex Woolford
0 votes, 2 answers

How to save the console result of osquery as CSV or Excel on Windows

I am working with osquery. I want to save the result of osquery to a particular file as Excel or CSV. I am trying with the below but not getting what I want: $ osqueryi --json 'select * from osquery_info' > res.json $ cat…