Windows osquery Client Configuration


The following topic lists the osquery’s client configuration files for Windows.

{
    "config_path": "",
    "flagfile": "",
    "extensions_autoload": "",
    "force": "true",
    "events_expiry": "3600",
    "events_max": "50000",
    "disable_tables": "augeas,carves,curl,curl_certificate,mdfind,ntfs_journal_events,powershell_events,wifi_survey,windows_events,ycloud_instance_metadata",
    "disable_watchdog": "true",
    "disable_events": "true",
    "logger_plugin": "filesystem",
    "pidfile": "${WORKDIR}\\osqueryd.pid",
    "logger_path": "${WORKDIR}\\osqueryd_log",
    "database_path": "${WORKDIR}\\osqueryd_db",
    "extensions_socket": "\\\\.\\pipe\\orbital-osquery.em"
}

Return to Orbital Yara Rules and System Configuration

Return to Table of Contents