OS Query

Details
Content
Dependencies
Version History

Run OS query on a linux system.

Automations

Name	Description
OSQueryLoggedInUsers	Deprecated. Use OSQueryBasicQuery with query='select liu.*, p.name, p.cmdline, p.cwd, p.root from logged_in_users liu, processes p where liu.pid = p.pid;' instead.
OSQueryOpenSockets	Deprecated. Use OSQueryBasicQuery with query='select distinct pid, family, protocol, local_address, local_port, remote_address, remote_port, path from process_open_sockets where path `<>` '' or remote_address `<>` '';' instead.
OSQueryProcesses	Deprecated. Use OSQueryBasicQuery with query='select * from processes' instead.
OSQueryBasicQuery	Returns the results from a basic OSQuery query on a remote Linux machine. For more information read documentation at https://osquery.readthedocs.io/
OSQueryUsers	Deprecated. Use OSQueryBasicQuery with query='select * from users;' instead.

Automations

Name	Description
OSQueryUsers	Deprecated. Use OSQueryBasicQuery with query='select * from users;' instead.
OSQueryOpenSockets	Deprecated. Use OSQueryBasicQuery with query='select distinct pid, family, protocol, local_address, local_port, remote_address, remote_port, path from process_open_sockets where path `<>` '' or remote_address `<>` '';' instead.
OSQueryBasicQuery	Returns the results from a basic OSQuery query on a remote Linux machine. For more information read documentation at https://osquery.readthedocs.io/
OSQueryProcesses	Deprecated. Use OSQueryBasicQuery with query='select * from processes' instead.
OSQueryLoggedInUsers	Deprecated. Use OSQueryBasicQuery with query='select liu.*, p.name, p.cmdline, p.cwd, p.root from logged_in_users liu, processes p where liu.pid = p.pid;' instead.

Required Content Packs (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (3)

Pack Name	Pack By
Cortex REST API	By: Cortex XSOAR
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	November 9, 2020
Last Release	November 28, 2024

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.

Scripts

OSQueryBasicQuery

Scripts

OSQueryBasicQuery

Scripts

OSQueryBasicQuery

Scripts

OSQueryOpenSockets

Scripts

OSQueryBasicQuery

PUBLISHER

PLATFORMS

INFO

DISCLAIMER