osquery-java

Overview

This project contains the Java bindings for creating osquery extensions in Java. An extension can register table, config or logger plugins. Plugins can quickly enable the integration of data that is not yet available as part of base osquery.

Prerequisites

Osquery must be installed on the computer on which you are running this software. Osquery should be run as the same user that runs the code shown here.

How to

Consider the following example:

import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import net.melastmohican.osquery.BasePlugin;
import net.melastmohican.osquery.PluginManager;
import net.melastmohican.osquery.TablePlugin;
import net.melastmohican.osquery.TablePlugin.TableColumn;

public class MyTablePlugin extends TablePlugin {

	@Override
	public List<TableColumn> columns() {
		return Arrays.asList(new TableColumn("foo", "TEXT"), new TableColumn("baz", "TEXT"));
	}

	@Override
	public String name() {
		return "mytable";
	}

	@Override
	public List<Map<String, String>> generate() {
		List<Map<String, String>> result = Arrays.<Map<String, String>>asList(new HashMap<String, String>() {
			{
				put("foo", "bar");
				put("baz", "baz");
			}
		}, new HashMap<String, String>() {
			{
				put("foo", "bar");
				put("baz", "baz");
			}
		});
		return result;
	}

	public static void main(String[] args) {
		BasePlugin plugin = new MyTablePlugin();
		PluginManager pm = PluginManager.getInstance();
		pm.addPlugin(plugin);
		pm.startExtension("MyTablePlugin","0.0.1","2.2.1","2.2.1");
	}

}

To test this code, start an osquery shell:

osqueryi --nodisable_extensions
osquery> select value from osquery_flags where name = 'extensions_socket';
value
/Users/USERNAME/.osquery/shell.em

Then start the Java extension:

javac MyTablePlugin.java
java -Dextension.socket=/Users/USERNAME/.osquery/shell.em MyTablePlugin

This will register a table called "mytable". As you can see, the table will return two rows:

osquery> select * from mytable;
foo baz
bar baz
bar baz
osquery>
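
A table with real data follows the same pattern. The example below is added here and is not part of the osquery-java project: it lists the CA certificates the JVM trusts by default, which base osquery does not report. The class name and the table name jvm_trusted_cas are assumptions, and the version strings are copied from the example above.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import net.melastmohican.osquery.PluginManager;
import net.melastmohican.osquery.TablePlugin;
import net.melastmohican.osquery.TablePlugin.TableColumn;

// Added example: one row per CA certificate in the JVM's default trust store.
public class JvmTrustedCaPlugin extends TablePlugin {
	@Override
	public String name() { return "jvm_trusted_cas"; } // hypothetical table name
	@Override
	public List<TableColumn> columns() {
		return Arrays.asList(new TableColumn("subject", "TEXT"), new TableColumn("issuer", "TEXT"),
				new TableColumn("not_after", "TEXT"), new TableColumn("sig_alg", "TEXT"));
	}

	@Override
	public List<Map<String, String>> generate() {
		List<Map<String, String>> rows = new ArrayList<>();
		try {
			TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
			tmf.init((KeyStore) null); // null selects the JVM's default trust store
			for (TrustManager tm : tmf.getTrustManagers()) {
				if (!(tm instanceof X509TrustManager)) continue;
				for (X509Certificate cert : ((X509TrustManager) tm).getAcceptedIssuers()) {
					Map<String, String> row = new HashMap<>();
					row.put("subject", cert.getSubjectX500Principal().getName());
					row.put("issuer", cert.getIssuerX500Principal().getName());
					row.put("not_after", cert.getNotAfter().toInstant().toString()); // ISO-8601, UTC
					row.put("sig_alg", cert.getSigAlgName());
					rows.add(row);
				}
			}
		} catch (GeneralSecurityException e) {
			// Report the failure and return whatever was collected so the query still answers.
			System.err.println("jvm_trusted_cas: cannot read trust store: " + e);
		}
		return rows;
	}
	public static void main(String[] args) {
		PluginManager pm = PluginManager.getInstance();
		pm.addPlugin(new JvmTrustedCaPlugin());
		pm.startExtension("JvmTrustedCaPlugin", "0.0.1", "2.2.1", "2.2.1");
	}
}
```

Start it the same way as MyTablePlugin; a query such as select subject, not_after from jvm_trusted_cas order by not_after; then lists the roots closest to expiry first, and a filter on sig_alg picks out roots signed with a weak algorithm.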

Execute queries in Java

The same Thrift bindings can be used to create a Java client for the extension socket of osqueryd or osqueryi.

// Open a connection to the extension socket
ClientManager cm = new ClientManager();
cm.open();
ExtensionManager.Client client = cm.getClient();
// Run a query and print the response
System.out.println("select timestamp from time");
ExtensionResponse res = client.query("select timestamp from time");
System.out.println(res.response);

Contributors

melastmohican, igor-suhorukov
