Mike Myers
Slack discussion identified that this table is reading from SMC (the Apple System Management Controller, on Intel-based Macs). ARM Macs don't have the SMC, so we'll have to add an...
> * Mac hardware pre 2016 (No Secure Enclave)
> * Mac hardware 2016-2017 (T1)
> * Mac hardware 2018-2020 (T2)
> * Mac hardware 2020+ (Apple Silicon)

Ok, so...
Tested on latest master (d8f35d143dfb70cb88a83d8b5d090bcd28c541a9) on a macOS 12.3.1 and yep, the issue is still present. The user would probably expect osquery's list to reflect the System Preferences -> Security...
On an Ubuntu 22.04 virtual machine:

```
osquery> select interface, type, link_speed from interface_details;
+-----------+------+------------+
| interface | type | link_speed |
+-----------+------+------------+
| lo        | 4    | 0          |
...
```
@Smjert this is just a 2 line change, but I wonder which TSC member knows the most about the SQL core, to review/approve this?
With Windows 10, osquery 4.5.1, we're also seeing the repeated log messages about `GetOverlappedResult errored`. @Smjert believes it is another manifestation of this bug in the osquery core: https://github.com/osquery/osquery/issues/6152 If...
Confirmed that this happens on both Windows 10 and Ubuntu Linux 18, with osquery 4.5.1. It happens with not only this extension and table, but the `windows_sync_objects` table too. There...
Hi again @chouchouzzj – we think what is happening here is that we provided a precompiled SleuthKit library in our extension, and it was not a debug build binary, so...
Interesting; I assume the use case is in incident management, to contain the impact of a compromised endpoint. Some questions:

* Does `usermod --lock` immediately log out the user if...