Crate osquery_rust

With osquery-rust, we strive to make Osquery extension development a breeze. If you have ideas how to improve developer experience, reach out to us on GitHub.

If you encounter any issue with this crate, please raise an issue. We are here to support you and your venture.

As this is the crate’s documentation, we focus here on the lib itself. However, osquery-rust is more than just the lib. Please check out the project’s README on GitHub to see the whole picture.

Include osquery-rust in your Rust project

Make sure to include osquery-rust as a dependency in your Cargo.toml. As osquery-rust is in its early stages and might evolve fast, please check for the latest version often. We adhere to semver. So you can rely on caret notation when selecting the version.

[dependencies]
osquery-rust = "^0.1"

Get started

Annotate main with #[osquery_rust::args] to import code defining the CLI of your extension.

use osquery_rust::prelude::*;

#[osquery_rust::args]
fn main() -> std::io::Result<()> {

    // Args available due to annotation
    let args = Args::parse();

    // Have a look at the example folder for more details.

    Ok(())
}

Modules

plugin

prelude

Expose all structures required in virtually any osquery extension

Structs

Server

Type Aliases

ExtensionPluginRequest

ExtensionPluginResponse

ExtensionResponse

ExtensionStatus

Attribute Macros

args

Defines a CLI for an osquery-rust based extension which is compliant to osquery interface.