#!/usr/bin/env python
"""This source code is licensed under the BSD-style license found in the
LICENSE file in the root directory of this source tree. An additional grant
of patent rights can be found in the PATENTS file in the same directory.
"""""
import osquery
import json
@osquery.register_plugin
class TestConfigPlugin(osquery.ConfigPlugin):
    """Example config plugin that serves two hard-coded config sources.

    Every value is a literal in this file; nothing is read from disk, the
    environment or the network. ``source_two`` queries ``foobar``, which is
    the name returned by FoobarTablePlugin in this same file.
    """

    def name(self):
        """Return the plugin name, ``"test_config"``."""
        return "test_config"

    def content(self):
        """Return a one-element list mapping source names to JSON strings.

        Each JSON document has a single ``schedule`` section that holds one
        named query and its interval.
        """
        first_schedule = {
            "time_1": {
                "query": "select * from time",
                "interval": 1,
            },
        }
        second_schedule = {
            "time_2": {
                "query": "select * from foobar",
                "interval": 2,
            },
        }

        # Each source is serialized separately, so the values in the returned
        # dict are JSON strings rather than nested dicts.
        sources = {
            "source_one": json.dumps({"schedule": first_schedule}),
            "source_two": json.dumps({"schedule": second_schedule}),
        }
        return [sources]
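@osquery.register_plugin
class TestLoggerPlugin(osquery.LoggerPlugin):
    """Example logger plugin that appends every log string to a file in /tmp."""

    def name(self):
        """Return the plugin name, ``"test_logger"``."""
        return "test_logger"

    def log_string(self, value):
        """Append *value* to /tmp/osqueryd.results.log and report success.

        The string is written verbatim; no separator or newline is added.

        Returns:
            An ExtensionStatus with code 0 and message "OK".

        Raises:
            OSError: if the log file cannot be opened, which includes the
                case where the path is a symbolic link on platforms that
                provide O_NOFOLLOW.
        """
        # Local import keeps this block self-contained; the file-level
        # imports are left untouched.
        import os

        # The path is a fixed name in a shared, world-writable directory, so
        # another local user can create it first as a symlink. A plain
        # open(..., "a") would follow that link and append to whatever it
        # points at, with the privileges of this process. O_NOFOLLOW refuses
        # a symlink in the final path component, and mode 0o600 keeps a newly
        # created log readable by its owner only.
        # NOTE(review): a regular file pre-created by another user is still
        # appended to; a deployment should log to a directory that only the
        # extension's user can write.
        open_flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT
        open_flags |= getattr(os, "O_NOFOLLOW", 0)
        log_fd = os.open("/tmp/osqueryd.results.log", open_flags, 0o600)
        with os.fdopen(log_fd, "a") as file_handle:
            file_handle.write(value)
        return osquery.extensions.ttypes.ExtensionStatus(code=0, message="OK")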
@osquery.register_plugin
class FoobarTablePlugin(osquery.TablePlugin):
    """Example table plugin: a two-column table named "foobar" with fixed rows."""

    def name(self):
        """Return the table name, ``"foobar"``."""
        return "foobar"

    def columns(self):
        """Return the column definitions: ``foo`` and ``baz``, both STRING."""
        column_names = ("foo", "baz")
        return [
            osquery.TableColumn(name=column_name, type=osquery.STRING)
            for column_name in column_names
        ]

    def generate(self, context):
        """Return two identical rows; *context* is not consulted.

        Every row is a separate dict, so changing one row later does not
        affect the other.
        """
        return [{"foo": "bar", "baz": "baz"} for _ in range(2)]
if __name__ == "__main__":
    # Start the extension only when the file is run as a script. The three
    # plugin classes above are already decorated with
    # osquery.register_plugin by the time this runs.
    extension_info = {
        "name": "many_plugins",
        "version": "1.0.0",
    }
    osquery.start_extension(**extension_info)