Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for remotectl + parsing results #915

Merged
merged 7 commits into from
Oct 26, 2022
Merged

Add support for remotectl + parsing results #915

merged 7 commits into from
Oct 26, 2022

Conversation

RebeccaMahany
Copy link
Contributor

@RebeccaMahany RebeccaMahany commented Oct 21, 2022
edited
Loading

Closes #763

Adds a parser to parse remotectl output.

Example output from querying:

osquery> select * from kolide_remotectl where query = 'Local device/UUID';
+-------------------+--------------+------+--------------------------------------+-------------------+
| fullkey           | parent       | key  | value                                | query             |
+-------------------+--------------+------+--------------------------------------+-------------------+
| Local device/UUID | Local device | UUID | 65978F15-D653-49DF-B0E5-REDACTED     | Local device/UUID |
+-------------------+--------------+------+--------------------------------------+-------------------+

@CLAassistant
Copy link

CLAassistant commented Oct 21, 2022
edited
Loading

CLA assistant check
All committers have signed the CLA.

@directionless
Copy link
Contributor

directionless commented Oct 22, 2022
edited
Loading

Here's a redacted 2 device dump from my machine. Weirdly, I see that the apple model names (iPhone12,3 and iPhone14,2) don't match the marketed product series (iPhone 11 and 13) 🤷

remotectl.dump.2.devices.txt

Update: and by "2 device" I mean 2 attached devices. So, 3 devices. I have no idea what I was thinking when I named that.

@RebeccaMahany RebeccaMahany changed the title Draft: Add support for remotectl + parsing results Add support for remotectl + parsing results Oct 25, 2022
@RebeccaMahany RebeccaMahany marked this pull request as ready for review October 25, 2022 14:54
seejdev
seejdev previously approved these changes Oct 25, 2022
View reviewed changes
@seejdev
Copy link
Contributor

seejdev commented Oct 25, 2022

This is looking good!

James-Pickett
James-Pickett previously approved these changes Oct 25, 2022
View reviewed changes
Copy link
Contributor

@James-Pickett James-Pickett left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Tested on my own mac including connected to my macbook air.

directionless
directionless previously approved these changes Oct 26, 2022
View reviewed changes
Copy link
Contributor

@directionless directionless left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't stare super hard at the parser, but nothing looked wrong. And it works. LGTM

@RebeccaMahany RebeccaMahany merged commit 37f4f9a into kolide:main Oct 26, 2022
@RebeccaMahany RebeccaMahany deleted the becca/remotectl-table-support branch October 26, 2022 14:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@FritzX6 FritzX6 FritzX6 left review comments

@James-Pickett James-Pickett James-Pickett approved these changes

@directionless directionless directionless left review comments

@seejdev seejdev seejdev left review comments

Assignees

@RebeccaMahany RebeccaMahany

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Table Request: kolide_remotectl
6 participants
@RebeccaMahany @CLAassistant @directionless @seejdev @FritzX6 @James-Pickett