Channels
- aAll three tables has a column
that you can use to join the results on.hostname
Yes you’re right. I guess that is because the column
is not part of the table itself, it is added to every table. But I don...hostname1 Replies
2 weeks ago - sI would expect that to work, it does on my machine. Where are you seeing those numbers? could your data pipeline be adding them? Is this osqueryi?
4 Replies
3 weeks ago - cHola, folks! I was curious if it is currently possible to query TCC statuses on macOS devices. Any insight on this is greatly appreciated 🍻
2 Replies
2 months ago - jHey all, not sure if this is possible but figured this was a good place to ask.. Looking to create a query to view the contents of a .zip file that has no password.. anyone heard of something like this? 😒lightly_smiling...
3 Replies
3 months ago - dHi, Is there a query I can use to list all the externally open sockets along with processes using them?
4 Replies
5 months ago - wHey all, I'm diving in to the implementation details of SQL in osquery to solve #7314. I see there's both some mention of sqlite, as well as
list<map<string,string&...4 Replies
7 months ago - wSay I wanted to write a detection for "one user logged into 10k hosts at one time over SSH", how would I do that in OSQuery? • https://osquery.io/schema/5.0.1/#logged_in_users • https://osquery.io/schema/5.0.1/#users...
4 Replies
7 months ago - wdoes anyone have a query to pull the mac address of the default network interface for windows + mac
3 Replies
1 year ago - fYour SQL's intent is not immediately clear to me. Can you describe the output you are trying to get? Do you want to return results of only
where anrpm_packages
exists?install_time4 Replies
1 year ago - jAny example of a query to get the filevault service status on MacOS?
3 Replies
1 year ago