Monitoring a remote endpoint with osquery


I need to do a school project where I have to monitor an endpoint with osquery.

I'm trying to write the config file "osquery.conf" to connect my desktop computer to my laptop. I've tried starting osqueryd using the configuration file, but it doesn't work, and I'm not sure how to pass parameters like IP address and much more to perform remote scanning of my laptop. Could you help me?

1 answer

Answer by seph:

Osquery is not a remote scanning tool. Osquery is a tool that can report on a local system, using SQL queries. It is akin to an API translation layer.

Osquery can be configured to enroll with a remote TLS server. This supports fetching configuration, running ad-hoc queries, and returning logs. This is documented in https://osquery.readthedocs.io/en/stable/deployment/remote/
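The enrollment flow described in the answer, sketched from the server's side as an added example (not code from the answer or from the osquery project): osqueryd on the monitored machine connects out, trades an enroll secret for a node key, then uses that key to fetch configuration, pick up ad-hoc queries and return results. The endpoint paths, the secret and the queries are constructed assumptions (real paths are whatever the osqueryd TLS endpoint flags point at), and HTTP/TLS transport is left out so only the message handling is shown.

```python
import hmac
import secrets

ENROLL_SECRET = "constructed-demo-secret"  # constructed; deployments load this from a protected file
NODES = {}    # node_key -> host_identifier of each enrolled host
RESULTS = []  # (host_identifier, payload) tuples received from hosts
PENDING = {"q1": "SELECT name, pid FROM processes LIMIT 5;"}  # ad-hoc queries to hand out
CONFIG = {"schedule": {"users": {"query": "SELECT * FROM users;", "interval": 3600}}}


def handle(path, body):
    """Return the JSON reply (as a dict) for one osqueryd POST; paths are assumed names."""
    if path == "/enroll":
        offered = str(body.get("enroll_secret", ""))
        # Constant-time comparison so the secret cannot be recovered via timing.
        if not hmac.compare_digest(offered.encode(), ENROLL_SECRET.encode()):
            return {"node_invalid": True}
        node_key = secrets.token_hex(16)  # unguessable per-host credential
        NODES[node_key] = str(body.get("host_identifier", ""))
        return {"node_key": node_key, "node_invalid": False}

    # Every other endpoint requires a node_key issued at enrollment.
    key = body.get("node_key")
    if not isinstance(key, str) or key not in NODES:
        return {"node_invalid": True}  # tells osqueryd to enroll again

    if path == "/config":
        return dict(CONFIG, node_invalid=False)
    if path == "/distributed_read":
        return {"queries": dict(PENDING), "node_invalid": False}
    if path == "/distributed_write":
        RESULTS.append((NODES[key], body.get("queries", {})))
        return {"node_invalid": False}
    if path == "/log":
        RESULTS.append((NODES[key], body.get("data", [])))
        return {"node_invalid": False}
    return {"node_invalid": True}
```
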