Mike Myers
> I'm a bit concerned about some of the license issues here. It includes proto files from containerd that would be licensed under Apache-2. It may be possible to add...
In the CI: `51: [ FAILED ] FileOpsTests.test_safe_permissions (15 ms)`
Regarding `select * from syslog;`, is this trying to return too much information? What table is this? It is not in the osquery schema. Did you mean `syslog_events`?
Just needs a small conflict resolved because https://github.com/osquery/osquery/pull/7760 was merged.
Many osquery queries do require `sudo` or `Administrator`. I think this particular field originates from SMBIOS https://github.com/osquery/osquery/blob/d2be385d71f401c85872f00d479df8f499164c5a/osquery/tables/system/linux/system_info.cpp#L114
It seems you are trying to run osquery as non-root, but the log output directory is `/var/log/osquery/`. If `/var/log/` is owned by `root`, could that be the problem?
I followed @zgdatadoghq's steps and it does trigger XProtect to submit a report to Apple, and indeed the `xprotect_reports` table appears to remain empty. (If doing this does not...
Confirmed using a file event listener on macOS 10.15.7 that no files are created as the result of an XProtect detection, so as of Catalina, the osquery `xprotect_reports` table is...
@directionless @alessandrogario @sharvilshah how do folks feel about deprecating this `xprotect_reports` table and just resurrecting it later if we can? It is currently just non-working functionality in osquery.
Thanks @apinter-figma, although I have not tried to reproduce this myself yet, we look forward to seeing the PR you mentioned.