osquery
osquery
4.9.0
0.0
0.0
osquery free download for Mac

osquery for Mac4.9.0

27 August 2021

Query your devices like a database.

What is osquery for Mac

Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

Processes running without a binary on disk

Frequently, attackers will leave a malicious process running but delete the original binary on disk. This query returns any process whose original binary has been deleted, which could be an indicator of a suspicious process.

Three things you should know about osquery
  • It's fast and tested: Our build infrastructure ensures that newly introduced code is benchmarked and tested. We perform continuous testing for memory leaks, thread safety, and binary reproducibility on all supported platforms.
  • It runs everywhere: Windows, macOS, CentOS, FreeBSD, and almost every Linux OS released since 2011 are supported with no dependencies. osquery powers some of the most demanding companies, including Facebook.
  • It's open source: Osquery is released under the Apache License. Ever since we open-sourced it in 2014, organizations and individuals have contributed an ever-growing list of impressive features, useful tools, and helpful documentation.

What's new in osquery

Version 4.9.0:
New features:
  • Add filesystem logrotate feature
  • Add Non-Functional EndpointSecurity based process events to macOS (Requires updated codesigning due in 5.0)
Table changes:
  • Add mdm_managed column to system_extensions on macOS
  • Add prefetch table on Windows
  • Add support for IMDSv2 to AWS tables
  • Enable container stats on docker containers that don't have traditional networks
  • Update homebrew_packages to include new prefix, and allow specifying alternate prefixes
  • Update ntfs_acl_permissions to list all ACE entries (using GetAce())
  • Update processes table to display additional Windows attributes (secured, protected, virtual, elevated)
  • Update how package_install_history identifies the packageIdentifiers key
  • Update how identifier is calculated in chrome_extensions
Under the Hood improvements:
  • Improve speed of osquery shutdown procedure
  • Improve shutdown speed during initialization
  • Update website generators
  • CLI flag to allow osquery to keep retrying enrollment (instead of exiting)
  • rocksdb: Do not fsync WAL writes
  • Move CPack packaging to a dedicated repository
  • Restore thrift socket 5min timeout
  • Consolidate syscalls to a single audit rule
Bug fixes:
  • Add current WMI location for Dell BIOS info
  • Correct RocksDB error code and subcode printing on open failure
  • Fix pipe_channel not reading all data in a message
  • Fix crash and deadlocks in recursive logging
  • Fix custom curl_certificate timeouts
  • Fix extensions crash on shutdown
  • Handle updated paths on various macOS tables -- xprotect_entries, xprotect_meta, launchd
  • Trigger event cleanup checks every 256 events
  • Update generating an extension uuid to be thread safe
  • Watchdog should wait for the worker to shutdown
Documentation:
  • Update process auditing requirements documentation
  • Update website docs indicating windows support for YARA tables
  • Add 4.9.0 CHANGELOG
Build:
  • Add Apple provisioning profile for distribution
  • Add more tests for events expiration
  • CI: Regenerate sccache cache when compiler version changes
  • Fix flaky test test_daemon_sigint by waiting for pidfile
  • Fix icon in Windows packaging
  • Minor cleanup of unused variables
  • Print extension SDK minimum version required when failing to load
  • Remove POSIX-only -fexceptions flag on Windows
  • Remove duplicated osquery_utils_aws_tests-test
  • Remove flaky test decorators for python tests
  • Update SQLite to version 3.35.5
  • Update librdkafka to version 1.7.0
  • Update libyara to version 4.1.1
Try our new feature and write a detailed review about osquery. All reviews will be posted soon.
Write your thoughts in our old-fashioned comment
MacUpdate Comment Policy. We strongly recommend leaving comments, however comments with abusive words, bullying, personal attacks of any type will be moderated.
0.0
(0 Reviews of )
There are no reviews yet
Help the community
There are no reviews yet, be the first to leave one