defensivedepth (05/21/2022, 3:31 PM):

jamesbhao (05/24/2022, 12:31 PM):

seph:

CptOfEvilMinions (05/25/2022, 3:22 PM):

Mystery Incorporated (05/26/2022, 4:59 AM):

Jason Field (05/26/2022, 9:37 PM):

Stefano Bonicatti (05/26/2022, 9:57 PM):

Andreas Piening (05/30/2022, 1:28 PM):
Policies with fleet. However, I’m missing the option to check SSHd config settings, because I want to ensure that I’ve set PasswordAuthentication no on all hosts. I can’t find something related in the Standard query library and I can’t figure the query out by myself. Has someone done something in that regard?

Andreas Piening (05/31/2022, 8:23 AM):
ZFS related data? I could think of many really valuable queries:
• Get latest / biggest snapshots per volume
• Check for volumes without a snapshot within the last 24 hours
• Check if the autotrim option is enabled on all SSD based pools
• Get block utilization for the volumes of a pool

Mystery Incorporated (06/01/2022, 6:53 AM):
"Error executing distributed query: fleet_detail_query_mdm: no such table: mdm","version":"5.2.3","decorations":{"company":"xxxx","host_hostname":"xxxxxx","username":"xxx"}}

Artem (06/04/2022, 8:54 AM):
curl table to make https requests without certificate validation? I tried to check access to an internal REST API from several servers but saw that the curl table doesn’t want to make requests to a resource with an untrusted certificate. Is it possible to set something like the --unsecure (-k) curl option to make the request?

zwass:

Andrea (06/07/2022, 10:32 AM):
[ RUN ] UserGroups.test_sanity
E20220607 10:13:31.404719 9192 virtual_table.cpp:1006] Exception while executing table user_groups: no state
C:\workspace\senseon-enterprise-endpoint\tests\integration\tables\helper.cpp(160): error: Value of: status.ok()
Actual: false
Expected: true
Query execution failed with error: "no state"
C:\workspace\senseon-enterprise-endpoint\tests\integration\tables\user_groups.cpp(62): error: Expected: (data.size()) > (0ul), actual: 0 vs 0
[ FAILED ] UserGroups.test_sanity (1 ms)

Nick Klauer (06/07/2022, 8:20 PM):
apt-key is apparently deprecated as of 1JAN2021 (at least on Debian-based hosts). In looking at the Debian install instructions, it is referencing instructions that rely on that. Does anyone have a pointer to how to import the key into a host if you’re trying to avoid using it?

Ibra (06/08/2022, 7:43 AM):

Ibra (06/08/2022, 7:45 AM):

Andreas Piening (06/08/2022, 8:30 PM):
smart_drive_info I get results for all partitions on the node. Does this make sense? I have the values /dev/sdb, /dev/sdb1 and /dev/sdb2 in the column device_name and all other columns are sharing the same values as they belong to one disk. Is there a way to filter for block devices only?

Eric23 (06/08/2022, 8:33 PM):
SELECT * FROM interface_details; on many hosts (Linux & Windows) and it seems that the Windows (W10/W2k19) hosts do not provide values regarding ibytes/obytes/packets etc. Everything is fine with Linux. They're all running osquery v5.2.2.
Question: is there a special flag/config to make it run on Windows hosts?
Thanks.

Adam Connor (06/09/2022, 11:56 AM):

J Armando G (06/12/2022, 5:41 PM):

J Armando G (06/12/2022, 5:42 PM):

J Armando G (06/12/2022, 5:43 PM):

J Armando G (06/12/2022, 5:44 PM):

J Armando G (06/12/2022, 5:44 PM):

J Armando G (06/12/2022, 5:45 PM):

tokcum (06/13/2022, 10:36 AM):

seph:

Peter (06/14/2022, 11:00 AM):
10.0.2.136 for a connection where the remote_address is recorded as ::ffff:0a00:0288?

Ibra (06/14/2022, 2:04 PM):

clong (06/14/2022, 6:41 PM):
unixTime and severity as a string in status logs but as an integer in result logs?