I'm feeling confused.. like I've seen this in the past [0] [1] [2] but had no idea the project was affiliated with Facebook. Oh wait, I was thinking of envdb [3].. and meanwhile envdb is renamed to Kolide [4] and is targeting "osquery command and control".

    Infinite loop detected.
    Program aborted.

[0] https://github.com/osquery/osquery-python

[1] https://encrypted.google.com/search?q=site%3Anews.ycombinator.com+osquery

[2] https://news.ycombinator.com/item?id=8528460

[3] https://news.ycombinator.com/item?id=9324717

[4] https://github.com/kolide/kolide
So they have reinvented Windows Management Instrumentation (WMI)? I think it even uses similar pseudo-SQL queries.

Thank you, I'll stay with the Microsoft solution that will still work in 10 years.
This is very cool. I've recently come to a very sincere appreciation for SQL, to the point that I've dumped data into an in-memory SQLite instance just to do the analysis.
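The workflow the commenter describes, as an added example that is not part of the original thread: a few constructed sshd log lines are parsed, loaded into an in-memory SQLite database, and then queried for the kind of question (failed logins grouped by source address) that is awkward in ad-hoc scripting but one line of SQL. The log lines and the threshold are assumptions made for the example.

```python
import re
import sqlite3

# Constructed sample sshd log lines (assumption for this example, not real data).
SAMPLE_LOG = """\
Mar  3 10:01:02 host sshd[1201]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar  3 10:01:05 host sshd[1201]: Failed password for root from 203.0.113.7 port 50123 ssh2
Mar  3 10:01:09 host sshd[1204]: Failed password for invalid user admin from 203.0.113.7 port 50124 ssh2
Mar  3 10:02:11 host sshd[1210]: Accepted publickey for alice from 198.51.100.4 port 41022 ssh2
Mar  3 10:03:40 host sshd[1215]: Failed password for alice from 198.51.100.9 port 41100 ssh2
"""

# Matches the common "Failed password ..." / "Accepted publickey ..." forms,
# including the "invalid user <name>" variant sshd emits for unknown accounts.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)


def load_auth_log(text):
    """Parse log text into an in-memory SQLite table and return the connection."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE auth (ts TEXT, result TEXT, user TEXT, src TEXT)")
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # lines that do not match the pattern are ignored, not an error
            rows.append((m["ts"], m["result"], m["user"], m["src"]))
    conn.executemany("INSERT INTO auth VALUES (?, ?, ?, ?)", rows)
    return conn


def failed_logins_by_source(conn, threshold=2):
    """Sources with at least `threshold` failed logins, most failures first.

    Returns a list of (src, failure_count, distinct_users_tried) tuples.
    """
    cur = conn.execute(
        """
        SELECT src, COUNT(*) AS failures, COUNT(DISTINCT user) AS distinct_users
        FROM auth
        WHERE result = 'Failed'
        GROUP BY src
        HAVING COUNT(*) >= ?
        ORDER BY failures DESC, src
        """,
        (threshold,),
    )
    return cur.fetchall()


if __name__ == "__main__":
    for src, failures, users in failed_logins_by_source(load_auth_log(SAMPLE_LOG)):
        print(f"{src}: {failures} failed logins across {users} usernames")
```

Once the rows are in SQLite, follow-up questions (first and last attempt per source, sources that failed and then succeeded, joins against an allowlist table) are just more queries rather than more parsing code.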
I use osquery for Linux at my job. But I find its regex capabilities for specifying paths and various file names very restrictive. I really want to use this for FIM.
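To make the path-matching limitation concrete, here is an added example (not from the original thread or from the osquery project): a hypothetical osquery FIM configuration using the `file_paths` section and a scheduled query against the `file_events` table, together with a small emulator of the two wildcards osquery's documentation describes for `file_paths`, `%` (one path component) and `%%` (recursive). The emulator is an assumption about those semantics written for illustration, not osquery's own matching code, and the config values are assumptions chosen for the example.

```python
import json
import re

# Hypothetical osquery config fragment (assumption for this example).
# file_paths groups patterns into categories; file_events reports changes
# to matching paths when enable_file_events is on.
FIM_CONFIG = {
    "options": {"enable_file_events": "true"},
    "file_paths": {
        "etc": ["/etc/%%"],               # everything under /etc, recursively
        "shells": ["/bin/%sh"],           # /bin/bash, /bin/sh, /bin/zsh, ...
        "ssh_keys": ["/home/%/.ssh/%%"],  # every user's .ssh directory, recursively
    },
    "schedule": {
        "file_changes": {
            "query": "SELECT target_path, category, action, time FROM file_events;",
            "interval": 300,
        }
    },
}


def pattern_to_regex(pattern):
    """Translate a file_paths pattern into a regex.

    Assumed model of osquery's documented wildcards: '%%' matches any path
    suffix recursively, '%' matches any characters within one path component,
    and nothing else is special. That last point is the limitation the
    commenter hits: there is no way to express a real regex here.
    """
    out = ""
    i = 0
    while i < len(pattern):
        if pattern.startswith("%%", i):
            out += ".*"
            i += 2
        elif pattern[i] == "%":
            out += "[^/]*"
            i += 1
        else:
            out += re.escape(pattern[i])
            i += 1
    return re.compile("^" + out + "$")


def matching_categories(config, path):
    """Return the sorted list of file_paths categories whose patterns cover `path`."""
    return sorted(
        cat
        for cat, pats in config["file_paths"].items()
        if any(pattern_to_regex(p).match(path) for p in pats)
    )


def render_config(config):
    """Serialize the config the way it would be written to osquery.conf."""
    return json.dumps(config, indent=2)


if __name__ == "__main__":
    print(render_config(FIM_CONFIG))
    for p in ("/etc/ssh/sshd_config", "/bin/bash", "/home/alice/.ssh/authorized_keys", "/tmp/evil.sh"):
        print(p, "->", matching_categories(FIM_CONFIG, p) or "(not monitored)")
```

A pattern such as "only files whose name ends in `.conf` or `.d/` anywhere under `/etc`" cannot be written with these two wildcards alone; the practical workaround is to monitor the broader tree (`/etc/%%`) and filter in the scheduled query with `WHERE target_path LIKE '%.conf'`.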