Osquery exposes an operating system as a high-performance relational database. This allows you to write SQL-based queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.

If you're interested in learning more about osquery, visit the GitHub project, the website, and the users guide.

In osquery, SQL tables, configuration retrieval, log handling, etc. are implemented via a simple, robust plugin and extensions API. This project contains the official Python bindings for creating osquery extensions in Python.

Consider the following example:

```python
#!/usr/bin/env python
import osquery


@osquery.register_plugin
class MyTablePlugin(osquery.TablePlugin):
    def name(self):
        # The SQL table name this extension registers with osquery.
        return "foobar"

    def columns(self):
        return [
            osquery.TableColumn(name="foo", type=osquery.STRING),
            osquery.TableColumn(name="baz", type=osquery.STRING),
        ]

    def generate(self, context):
        # Each row is a dict keyed by column name; values are strings.
        query_data = []
        for _ in range(2):
            row = {}
            row["foo"] = "bar"
            row["baz"] = "baz"
            query_data.append(row)
        return query_data


if __name__ == "__main__":
    osquery.start_extension(name="my_awesome_extension", version="1.0.0")
```

To test this code, start an osquery shell and look up the path of the extension socket:

```
osqueryi --nodisable_extensions
osquery> select value from osquery_flags where name = 'extensions_socket';
```

Then run the extension, pointing it at that socket:

```
python my_table_plugin.py --socket /Users/USERNAME/.osquery/shell.em
```

Alternatively, you can also autoload your extension when starting an osquery shell:

```
osqueryi --extension path_to_my_table_plugin.py
```

This will register a table called "foobar". As you can see, the table will return two rows:

```
osquery> select * from foobar;
```

This is obviously a contrived example, but it's easy to imagine the possibilities.

Extensions are the core way that you can extend and customize osquery. At Facebook, we use extensions extensively to implement many plugins that take advantage of internal APIs and tools.

Using the instructions found on the wiki, you can easily deploy your extension with an existing osquery deployment.
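A less contrived table plugin, added here as an example and not part of the osquery-python project: it exposes parsed SSH `authorized_keys` entries (options, key type, OpenSSH-style SHA256 fingerprint) as a table, reports undecodable lines as `malformed` instead of dropping them, and reads a constructed in-memory sample rather than real files; the table name, column names and the `import osquery` fallback are this example's own choices, while `TablePlugin`, `TableColumn`, `STRING`, `INTEGER`, `register_plugin` and `start_extension` are the bindings' real API.

```python
import base64
import hashlib
try:
    import osquery  # official bindings: pip install osquery
except ImportError:  # parser below stays importable without them (e.g. in unit tests)
    osquery = None

# Constructed sample: a well-formed ed25519 wire blob (all-zero key bytes) used twice, plus a bad line.
_BLOB = base64.b64encode(b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes(32)).decode()
SAMPLE_AUTHORIZED_KEYS = "\n".join(["# comments and blank lines are ignored", "",
    "ssh-ed25519 %s alice@laptop" % _BLOB, 'from="10.0.0.0/8",no-pty ssh-ed25519 %s backup job key' % _BLOB,
    "ssh-rsa not*valid*base64 bob"])

def fingerprint(blob_b64):
    """OpenSSH-style fingerprint: SHA256 of the decoded key blob, base64 with padding stripped."""
    raw = base64.b64decode(blob_b64, validate=True)
    return "SHA256:" + base64.b64encode(hashlib.sha256(raw).digest()).decode().rstrip("=")

def parse_authorized_keys(text):
    """One row per key line; malformed lines get status=malformed rather than vanishing."""
    rows = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()  # simplification: quoted spaces inside options are not handled
        if not fields or fields[0].startswith("#"):
            continue
        options, fields = ("", fields) if fields[0].startswith(("ssh-", "ecdsa-", "sk-")) else (fields[0], fields[1:])
        row = {"line": str(lineno), "options": options, "key_type": "",  # osquery rows hold string values,
               "fingerprint": "", "comment": "", "status": "malformed"}  # even for INTEGER columns
        if len(fields) >= 2:
            row["key_type"], row["comment"] = fields[0], " ".join(fields[2:])
            try:
                row["fingerprint"], row["status"] = fingerprint(fields[1]), "ok"
            except ValueError:  # binascii.Error is a ValueError: blob is not valid base64
                pass
        rows.append(row)
    return rows

if osquery is not None:
    @osquery.register_plugin
    class AuthorizedKeysTable(osquery.TablePlugin):
        def name(self):
            return "sample_authorized_keys"
        def columns(self):
            return [osquery.TableColumn(name=c, type=osquery.INTEGER if c == "line" else osquery.STRING)
                    for c in ("line", "options", "key_type", "fingerprint", "comment", "status")]
        def generate(self, context):
            return parse_authorized_keys(SAMPLE_AUTHORIZED_KEYS)

if __name__ == "__main__" and osquery is not None:
    osquery.start_extension(name="authorized_keys_example", version="1.0.0")
```

Once loaded as above, `select * from sample_authorized_keys where status = 'malformed';` surfaces the bad line, and the fingerprint column lets you join against an allow-list of known keys.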