osquery-extensions
osquery extensions by Trail of Bits
A user reports that the `network_monitor` extension continues to run after quitting `osqueryi` and it has to be manually terminated. When quitting osquery, he sees: `Thrift: Wed Nov 11 07:15:12...
This is more of a question... How would I go about allowing access to a single IP address (or IP address range), or a single domain... or port......
I downloaded the official osquery 4.5.0.msi and installed on a Windows 10 system. When running osqueryi.exe using the following _osqueryi.exe --allow_unsafe --extension trailofbits_osquery_extensions.ext.exe_ I am getting lots of errors when...
Well, based on https://github.com/trailofbits/osquery-extensions/issues/68 I added this code in the file cmake/flags.cmake: `set(CMAKE_MSVC_RUNTIME_LIBRARY "MultiThreaded$")` And then `cmake --config Release --build .` It works well, and this following part works well...
**observed behavior:**
```
osquery> SELECT * FROM ntfs_part_data;
+--------------------+---------+------------------------------+
| device             | address | description                  |
+--------------------+---------+------------------------------+
| \\.\PhysicalDrive0 | 0       | Safety Table                 |
| \\.\PhysicalDrive0 | 1       |...
```
Nice meeting you all at Querycon! This is a task to capture the idea we had of exposing the output of `santactl status` as a table in the Santa extension....
WORK IN PROGRESS A simple extension to allow locking and unlocking of Linux local user accounts. Uses "usermod --lock --expiredate 1 " and "usermod --unlock --expiredate '' " to lock...
Hi, I'm working on a Windows 10 Pro 1909 VM with OSQuery 4.3.0 and trailofbits extensions v1.2. When I run `osqueryi --extensions_require ` I get a lot of log messages:...