Check what's happen

cvo · November 15, 2021, 7:42am

Hi,

not that easy to to understand what’s happen in your system while a process is running.
This may help you a little.
It extracts some system parameters using osquery

install osquery on your system (https://osquery.io/downloads/official/5.0.1)
open the EM project attached
select the tables you want to extract : select in the filter transformation of the main module
run the project

it will extract some systems parameters into JSON and DSET files
as we can’t assign a specific codepage to a command line transformation in EM, there’s a little workaround to convert the query results from codepage 850 to 65001 before saving the JSON file.osquery.zip (29.1 KB)

hope it will be useful

Regards

dgudkov · November 15, 2021, 6:50pm

Neat!

I would make a Launcher task with a fixed list parameter for the target osquery table. In this case, it would be possible to launch ad hoc queries for system data in a couple of clicks right from the Launcher.

cvo · November 16, 2021, 3:40pm

could be useful in a data catalog