Does anyone know a osquery table that can show packages running on a remote endpoint? Trying to find a way to confirm Log4jl on remote systems that I don't have access except with osquery

Perhaps this might help? https://www.uptycs.com/blog/log4j/log4shell-vulnerability-scanning-and-exploit-detection-in-uptycs-osquery-2

We tried those. None of them seemed to work. I'm currently working on figuring out why, but thought I would ask to see if anyone else was working on this also. I appreciate the reply!

What does "packages running on a remote endpoint" mean here?

Tomas, I used these YARA rules to help find log4j dependencies with osquery and it definitely helped: https://github.com/timb-machine/log4j

Please take a look at this thread in #fleet https://osquery.slack.com/archives/C01DXJL16D8/p1639196602341300

what about using osquery to check for windows server log4j?

Perhaps this might help @CyberUnify https://blog.fleetdm.com/detect-log4j-with-osquery-and-fleet-e29c9de18ac9

the thing is that there is no process_open_files for Windows Servers

same question here....

You may want to look at building a list of known paths off of the environment variable java_home vs processes open on windows then compile a static list of locations to check this will be less performant but give you similar info