https://github.com/osquery/osquery logo
#general
ET

09/14/2020, 3:12 PM
Let me try
fritz

09/14/2020, 3:27 PM
What in particular are you trying to marry between the two datasets?
ET

09/14/2020, 3:30 PM
I am trying to find some applications by name, and the first interesting thing is to know if the process is already running.
I found 10 processes matched from 116 installed apps.
fritz

09/14/2020, 3:36 PM
I don't believe I understand your goal. Are you asking for a query that looks for:
1. All installed applications
2. Whether each installed application has a running process (e.g. Microsoft Office Word 2020 is open and running)
ET

09/15/2020, 7:21 AM
yes
fritz

09/15/2020, 12:46 PM
If you are trying to query user behavior you are better off querying the userassist table, which has things like '# of times opened', 'last opened'.