go project track file changes on host machine
- Docker: Ensure that Docker is installed and running on your machine.
- Make: Ensure that
makeis installed on your system.
- Node.js
- Wails: Wails is a project that enables you to write desktop apps using Go and web technologies.
- Osquery: Osquery uses basic SQL commands to leverage a relational data-model to describe a device
- setup config and osquery on mac
make setup/osquery/mac- setup mongo db in docker
make logsdb- start osquery on mac
make start/osqueryd/mac- Build package
make build/package- Run build
make run/build/macOR
- Run in dev mode
make run/dev/maccurl -s -X GET http://localhost:9000/v1/health
curl -s -X POST http://localhost:9000/v1/commands \
-H "Content-Type: application/json" \
-d "{\"commands\":[\"touch $HOME/Downloads/test1.txt\"]}"OR create new file manually
touch $HOME/Downloads/test2.txt- wait 5 seconds and click "Fetch logs" on UI
OR run command below
curl -s -X GET http://localhost:9000/v1/logs\?limit=2
NOTES
osqueryd flags
-
macOS:
sudo osqueryd --verbose --disable_events=false --disable_audit=false --disable_endpointsecurity=false --disable_endpointsecurity_fim=false --enable_file_events=true
-
Windows: (as administrator)
osqueryd --verbose --disable_events=false --enable_ntfs_event_publisher=true --enable_powershell_events_subscriber=true --enable_windows_events_publisher=true --enable_windows_events_subscriber=true