[LiveDiscoverHelp] Memory_info table on os_query schema is missing for Windows while for Linux its available.

We have a script that will display system memory and load but is only available for Linux devices.

Pre canned script = "System memory and load"

Is there a script for windows devices that will display system memory and load? If so can you please provide it?

Can you please confirm that the memory table is missing

If so, can you make an internal support request to be added to the live discover?

This may be required for incident response and troubleshooting and looks to be a bug in your osquery schema

Thank you.

YenzLS

JeramyKopacko 8 months ago

Hi YenzLS ,

Thank you for your post and bringing this to our attention. This table is performing as expected. It is specific to the Linux OS and not Windows OS.

If you enable "Discover Mode" within the Threat Analysis Center > Live Discover, you will be able to review the underlying code that powers the query. Upon reviewing the code, you'll find it is drawing from the table "memory_info." EDR on the agents uses osquery and the table referenced is only available for Linux.

I hope this helps.

Jeramy
- Cancel
- Vote Up 0 Vote Down
- More
- Cancel

Uncategorized

Anomalies

ATT&CK

Cloud Optix

Compliance

Data Lake

Device

Email

Events

Files

Live Response

Network

Other queries

Processes

Query Tips

Registry

Threat Hunting

User

[LiveDiscoverHelp] Memory_info table on os_query schema is missing for Windows while for Linux its available.