Returns the results from a basic OSQuery query on a remote Linux machine.
For more information read documentation at https://osquery.readthedocs.io/
OS Query
- Details
- Content
- Dependencies
- Version History
Run OS query on a linux system.
Automations
| Name | Description |
|---|---|
| OSQueryBasicQuery | |
| OSQueryLoggedInUsers | Deprecated. Use OSQueryBasicQuery with query='select liu.*, p.name, p.cmdline, p.cwd, p.root from logged_in_users liu, processes p where liu.pid = p.pid;' instead. |
| OSQueryUsers | Deprecated. Use OSQueryBasicQuery with query='select * from users;' instead. |
| OSQueryProcesses | Deprecated. Use OSQueryBasicQuery with query='select * from processes' instead. |
| OSQueryOpenSockets | Deprecated. Use OSQueryBasicQuery with query='select distinct pid, family, protocol, local_address, local_port, remote_address, remote_port, path from process_open_sockets where path |
Automations
| Name | Description |
|---|---|
| OSQueryOpenSockets | Deprecated. Use OSQueryBasicQuery with query='select distinct pid, family, protocol, local_address, local_port, remote_address, remote_port, path from process_open_sockets where path |
| OSQueryUsers | Deprecated. Use OSQueryBasicQuery with query='select * from users;' instead. |
| OSQueryProcesses | Deprecated. Use OSQueryBasicQuery with query='select * from processes' instead. |
| OSQueryLoggedInUsers | Deprecated. Use OSQueryBasicQuery with query='select liu.*, p.name, p.cmdline, p.cwd, p.root from logged_in_users liu, processes p where liu.pid = p.pid;' instead. |
| OSQueryBasicQuery | Returns the results from a basic OSQuery query on a remote Linux machine. |
Required Content Packs (2)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
| Common Scripts | By: Cortex XSOAR |
Optional Content Packs (0)
| Pack Name | Pack By |
|---|
All level dependencies (3)
| Pack Name | Pack By |
|---|---|
| Common Scripts | By: Cortex XSOAR |
| Cortex REST API | By: Cortex XSOAR |
| Base | By: Cortex XSOAR |
1.0.6 - R4718798 (March 1, 2023)
- 21234
- 21035
Download
Scripts
OSQueryLoggedInUsers
- Deprecated. Use OSQueryBasicQuery with
query='select liu.*, p.name, p.cmdline, p.cwd, p.root from logged_in_users liu, processes p where liu.pid = p.pid;'instead.
OSQueryOpenSockets
- Deprecated. Use OSQueryBasicQuery with
query='select distinct pid, family, protocol, local_address, local_port, remote_address, remote_port, path from process_open_sockets where path <> '' or remote_address <> '';'instead.
OSQueryProcesses
- Deprecated. Use OSQueryBasicQuery with
query='select * from processes'instead.
OSQueryUsers
- Deprecated. Use OSQueryBasicQuery with
query='select * from users;'instead.
- 21234
- 21035
Download
PUBLISHER
PLATFORMS
Cortex XSOARCortex XSIAM
INFO
| Certification | Certified | Read more |
| Supported By | Cortex | |
| Created | November 9, 2020 | |
| Last Release | December 28, 2023 |