Questions tagged [osquery]

osquery is an open-source, cross-platform endpoint security monitoring and system information tool. It is either run locally in an interactive command-line session, or is deployed remotely with scheduled queries that report to a central logging system of the user's choice. It has an SQL-based query interface that presents OS-level data as virtual SQL tables, for flexible and powerful relational-data requests.

Tagging Recommendation

Use the osquery tag for all osquery-related questions. If your question includes issues specific to a particular operating system platform, you can include a tag like windows, macos, or linux. osquery is an extensible tool for gathering OS-level system information; many development issues are as much related to the intricacies of platform APIs as they are to osquery itself.

If your question is more about the SQL language and its syntax, the sql tag may also be appropriate.

Other osquery Resources

osquery main site

osquery user and developer documentation

osquery community Slack chat

osquery's GitHub source code repository

78 questions
0 votes, 1 answer

How to provide table spec when adding a virtual table from an extension

I'm building an osquery extension using osquery-go which is providing a virtual table into osqueryi. My table requires a WHERE clause on a specific field to generate a result. Where do I put the specifications of my table? As stated on osquery's…
hippwn
0 votes, 1 answer

osquery - removing verbose migration info on every osqueryi query

Using osquery on my Linux machine (CentOS 7 if it matters) I get automatic verbose info output about migrations when running every query using the osqueryi interactive shell. Is there any way to quiet/hide such output and return only results? What I…
Devin
0 votes, 1 answer

How to use osquery to check network card name and manufacturer, etc.?

I tried the following query but it returns blank for the fields friendly_name, description and manufacturer. Are those fields not supported yet? osqueryi 'select interface, friendly_name, description, manufacturer from interface_details'
Benjamin Du
0 votes, 1 answer

OSQuery: how can I retrieve antivirus details?

I am new, and I am using osquery to get a specific list of applications installed on an endpoint. It doesn't seem like it's possible, correct?
Gana
0 votes, 2 answers

osquery - How can I retrieve a file origin using osquery?

I'm using osquery on Windows and I need help: I want to retrieve the file origin of a specific file. For example, I download a file from http://example.com and I'm looking for a query on osquery that shows me the info that I downloaded that specific…
user10446660
0 votes, 1 answer

I want to connect my web application to show the reports from osquery SQLITE database

Thanks a lot for such an amazing tool. I am running osquery installed on a Windows machine using the installer from https://osquery.io/. I want to connect my web application to show the reports from the osquery SQLite database. I am unable to see any SQLite db…
0 votes, 0 answers

How to add mongocxx libraries into Osquery

I'm trying to save the result (JSON) of the scheduled query of osqueryd to MongoDB using the mongocxx driver within osquery; however, I am getting the error below while building the source code using the make command. Error: [ 83%] Built target…
0 votes, 2 answers

Osquery MsBuild error msb1009

While building the Windows environment for OsQuery (on my Windows 10 VM) from their website (link: https://osquery.readthedocs.io/en/stable/development/windows-provisioning/), I am getting the msb1009 error during the phase where I have to run the…
0 votes, 1 answer

OSQuery and Python extensions with virtualenv

I'm using OSQuery through osqueryi and/or osqueryd on Windows. I've written some Python extensions (tables) and I am trying to use virtualenv to run these Python extensions. When I run osqueryi.exe and the Python extensions separately from the command line, the…
J19
0 votes, 1 answer

boost is installed but PowerShell says "Did not find"

I have installed boost-msvc14 1.59.0, but whenever I try installing osquery it says that it didn't find boost-msvc14 1.59.0. My boost directory is in C:/local. PowerShell is very slow at downloading, which is why I don't want to use…
Black Dragon
0 votes, 3 answers

How to execute a query every 5 mins

I'm very new to OSQuery and I'd like to execute a query (e.g. SELECT * FROM last) every 5 minutes. Is there any way to define a script which executes this routine within a crontab or something similar? Probably it should be enough to…
Tyralcori
-1 votes, 1 answer

system policy: java(4297) deny(1) file-write-mode on macOS

In my project I am trying to install one install4j build, and osquery.app also gets installed. OS: macOS Ventura. In a fresh install osquery.app gets installed properly and I do not get any error in my folder. But when I try the upgrade scenario, osquery.app…
User0987
-1 votes, 1 answer

How to rebuild the osquery app on macOS using the open source code of osquery?

I want to build the osquery app for macOS. I followed the process https://osquery.readthedocs.io/en/stable/development/building/ mentioned in the documentation, but it only builds the osqueryd binary; I need it in the form of osquery.app. How do I do that? Can anyone help…
User0987
-1 votes, 1 answer

Manually install Osquery daemon only

My task is to install only the OSquery daemon manually; I do not want the OSquery shell, i.e. osqueryi. So I figured out that I need to ship a few files/executables to their respective locations and then start the OSquery service using the command "sudo…
User0987
-1 votes, 1 answer

Can't get realtime information of my network

I want to fetch realtime information of my network as shown in the image. My code is in Python, in which I import the osquery module, and when I change the network the output also has to change. I reached here only import…