seph
seph
Test it and see?
It seems reasonable to me to raise that, or perhaps to use a hidden column though I don't know how much refactoring would be needed to support making it a...
> it looks like a user can hide apps from osquery by simply using lsregister and removing it from launchservices? Worth noting that crawling disk won't help unhide that. Applications...
> It feels like this and #2868 are due to apps which are present in a path that osquery doesn't scan. (This is what I am assuming from the data...
Assuming this is something yara supports, it seems reasonable to me. The functionality is inline with the existing yara table. So much so, I'm surprised we don't do it already....
> Hey [@directionless](https://github.com/directionless) [@sharvilshah](https://github.com/sharvilshah) any steps we can take to progress on this? What it would be required from Elastic? @raqueltabuyo I'm not entirely sure what you're asking. Osquery is...
Nope, they can start whenever. To be honest, you don't strictly need blueprint issues, but they can help prevent wasted work if there's concern that a feature might not align...
Heh, I guess `runtime` is pretty ambiguous. I was thinking about uptime -- how old is this process. But maybe there are good values from `runtime` that we should expose...
Sounds right. But.... - Not sure we need `launcher_uptime_friendly` - The table is already `launcher` I'd call the column `uptime` no need to repeat it