Last Updated: 5/21/2024
This post discusses osquery and how to use python to make queries. i.e. How we can leverage it.
pip install osqueryexample code:
import osquery
if __name__ == "__main__":
# Spawn an osquery process using an ephemeral extension socket.
instance = osquery.SpawnInstance()
instance.open() # This may raise an exception
# Issues queries and call osquery Thrift APIs.
x = instance.client.query("select timestamp from time")
print(type(x))
print(x)
When executed it presents the following
root@node1:~# python test2.py
<class 'osquery.extensions.ttypes.ExtensionResponse'>
ExtensionResponse(status=ExtensionStatus(code=0, message='OK', uuid=0), response=[{'timestamp': 'Tue May 21 17:29:26 2024 UTC'}])