Dhruv Rathod
01/25/2022, 9:47 AMinstance = osquery.ExtensionClient('\\\\.\pipe\shell.em')
instance.open()
client = instance.extension_client()
print(client.query('select * from time'))
In this code, it's possible to query osquery via the thrift socket without creating any new extension. I want to ask if it is also possible to set the config and get the logs for the running osquery instance without creating a new extension, and just read/write via the extension_client?seph
Dhruv Rathod
01/29/2022, 11:17 AMseph
Dhruv Rathod
01/29/2022, 5:44 PMcontent
method is returning two JSON configs, right? So is there any way to specifically run one of these? Like how is it working actually?seph
method is returning two JSON configs, rightHuh. That’s an excellent point. I have no idea what that’s doing.
Dhruv Rathod
01/30/2022, 3:39 AM