Channels
- zThat's what I thought, I was hoping there'd be some sort of ability to track a "heartbeat" with osquery, but realizing the fallacy of using a system to check it's own health is sort of a :lolwut:
2 Replies
2 years ago 
@Phuc Duong hi! could you check you don’t have a space after each line in the flagfile? If you check the error closely each value seems to have been read with a space in it.4 Replies
2 years ago- zAnyone use osquery in k8s at all?
4 Replies
2 years ago - t#general how much time it takes an server to show up in fleet?In my case it keeps on stating adding new host
2 Replies
2 years ago - sThis message was deleted.
4 Replies
2 years ago - sNeed some noobie help. I0412 14:08:38.742949 11449 tls.cpp:253] TLS/HTTPS POST request to URI: https://localhost:8080/api/v1/osquery/enroll W0412 14:08:38.750748 11449 tls_enroll.cpp:76] Failed enrollment request to <...
4 Replies
2 years ago - a@Prateek Kumar Nischal that event will never be picked up unless osquery is updated to parse it
You can start by updating the following files: osquery/tables/events/linux/process_events.cpp osquery/events/linux/process_events....1 Replies
2 years ago - dBeen wondering for a while - since i know osqpery is meant to be turned to what you ultimately want for it (why waste resources) - but is there a best of breed most people adopt? I am thinking the SwiftOnSecurity Sysmon...
3 Replies
2 years ago 
Hello. I'm trying to collect user based events, specifically failed login attempts. My user_events table is empty and I see this when I query the table: "Table user_events is event-based but events are disabled". How d...3 Replies
2 years ago- dOn my AWS slack pluralsight put up the free april linkhttp://pluralsight.com/offer/2020/free-april-month and they got a osquery class - not sure how good, no reviews - but its there : ?https://app.pluralsight.com/li...
3 Replies
2 years ago