Windows osquery Client Configuration

The following topic lists the osquery's client configuration files for Windows.

{

"config_path": "",

"flagfile": "",

"extensions_autoload": "",

"force": "true",

"events_expiry": "3600",

"events_max": "50000",

"disable_tables": "augeas,carves,curl,curl_certificate,mdfind,ntfs_journal_events,powershell_events,wifi_survey,windows_events,ycloud_instance_metadata",

"disable_watchdog": "true",

"disable_events": "true",

"logger_plugin": "filesystem",

"pidfile": "${WORKDIR}\\osqueryd.pid",

"logger_path": "${WORKDIR}\\osqueryd_log",

"database_path": "${WORKDIR}\\osqueryd_db",

"extensions_socket": "\\\\.\\pipe\\orbital-osquery.em"

}

Return to Orbital Yara Rules and System Configuration