# osquery-rs

This crate allows you to execute osquery SQL queries using the osquery Thrift API. You can execute an osquery SQL query using one of the following methods:

- Connect to the extension socket of an existing osquery instance
- Spawn your own osquery instance and communicate with it using its extension socket

Currently this crate only works on Linux. I am still working on the Windows version.
## Usage

1. Add it to your dependencies:

```toml
[dependencies]
osquery-rs = { git = "https://github.com/AbdulRhmanAlfaifi/osquery-rs" }
```

2. Start executing queries!
## Examples

### Connect to the extension socket of an existing osquery instance

```rust
use osquery_rs::OSQuery;
```

### Spawn your own osquery instance (standalone)

```rust
use osquery_rs::OSQuery;
```

By default the socket path is `/tmp/osquery-rs`; you can change it by calling the `set_socket` function:

```rust
use osquery_rs::OSQuery;
```
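Whichever of the two methods above is used, the crate is handed a socket path (the default `/tmp/osquery-rs`, one chosen with `set_socket`, or the socket of an already running instance), and whatever is listening on that path will receive the SQL queries. A caller may therefore want to confirm, before connecting, that the path really is a Unix domain socket owned by the expected user and not writable by other accounts. The check below is an added example written for this page, not code from the osquery-rs crate; it uses only the Rust standard library, reads the current uid from `/proc/self/status` (so it is Linux-only, like the crate), and the names `SocketCheck`, `check_extension_socket` and `current_uid` are chosen here.

```rust
use std::fs;
use std::io;
use std::os::unix::fs::{FileTypeExt, MetadataExt};
use std::path::Path;

/// Outcome of inspecting a candidate extension-socket path
/// (names chosen for this example; not part of osquery-rs).
#[derive(Debug, PartialEq)]
pub enum SocketCheck {
    Ok,
    Missing,
    NotASocket,
    WrongOwner { found: u32, expected: u32 },
    GroupOrWorldWritable { mode: u32 },
}

/// Inspect `path` without following symlinks and report whether it is a Unix
/// domain socket owned by `expected_uid` whose mode grants no write bit to
/// group or others. Only a genuine I/O failure (e.g. EACCES on the parent
/// directory) is returned as `Err`; every policy outcome is a `SocketCheck`.
pub fn check_extension_socket(path: &Path, expected_uid: u32) -> io::Result<SocketCheck> {
    let meta = match fs::symlink_metadata(path) {
        Ok(m) => m,
        Err(e) if e.kind() == io::ErrorKind::NotFound => return Ok(SocketCheck::Missing),
        Err(e) => return Err(e),
    };
    if !meta.file_type().is_socket() {
        // A regular file, directory or symlink at this path is not an osquery socket.
        return Ok(SocketCheck::NotASocket);
    }
    if meta.uid() != expected_uid {
        return Ok(SocketCheck::WrongOwner { found: meta.uid(), expected: expected_uid });
    }
    let mode = meta.mode() & 0o777; // drop the file-type bits, keep the rwx bits
    if mode & 0o022 != 0 {
        return Ok(SocketCheck::GroupOrWorldWritable { mode });
    }
    Ok(SocketCheck::Ok)
}

/// Real uid of this process, parsed from the `Uid:` line of /proc/self/status
/// (Linux-specific; avoids pulling in the libc crate for one getuid call).
pub fn current_uid() -> io::Result<u32> {
    let status = fs::read_to_string("/proc/self/status")?;
    status
        .lines()
        .find(|l| l.starts_with("Uid:"))
        .and_then(|l| l.split_whitespace().nth(1))
        .and_then(|s| s.parse::<u32>().ok())
        .ok_or_else(|| io::Error::new(io::ErrorKind::InvalidData, "no Uid line in /proc/self/status"))
}

fn main() -> io::Result<()> {
    // Fall back to the default socket path the README gives for a spawned instance.
    let path = std::env::args().nth(1).unwrap_or_else(|| "/tmp/osquery-rs".to_string());
    let verdict = check_extension_socket(Path::new(&path), current_uid()?)?;
    println!("{}: {:?}", path, verdict);
    Ok(())
}
```

Run it with the socket path as the first argument (or no argument for `/tmp/osquery-rs`); anything other than `Ok` is a reason to stop before handing the path to the crate. The check deliberately uses `symlink_metadata` so that a symlink placed at the expected path is reported as `NotASocket` rather than silently followed.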