Osquery Flag configuration to use HTTP Proxy in Windows assets

By default, osquery on a Windows asset checks whether it can reach the Uptycs cloud before sending an enrollment request.

If it can connect, it continues without using a proxy. If that connection attempt fails:

1) osquery tries to get proxy information from the operating system. On Windows, a PAC file setting is given preference over a manually configured proxy server setting. osquery then uses the configured proxy (or list of proxies) to test connectivity to the cloud and proceeds with the enrollment request, etc.

2) If connecting via the OS-configured proxy fails, or if no OS-configured proxy is found, osquery reads the proxy_hostname flag. The flag may contain a single proxy or a list of proxies (separated by a comma but no space). osquery tries the specified proxy, or each proxy from the list, to test connectivity to the cloud.

3) The first successful connection to the cloud via a proxy selected using the above two steps is considered the best proxy and is cached locally in the osquery database for subsequent connections to the cloud. This cache is used unless a connection to the cloud fails, in which case the above steps are re-executed to find a new best proxy server to connect to the cloud.

4) Password-protected proxies are not supported.

NOTE: The proxy_hostname flag is not packaged by default in the osquery MSI file, but it is available in the GUI under Configuration >> Flag Profiles >> Misc (in flags listing) >> proxy_hostname. After this value is set as desired, the asset is updated with this configuration during the next config update. Note, however, that the asset needs to connect via a regular network link to download this config. If you need an MSI package pre-updated with a list of proxy entries, please contact Uptycs support via the support.uptycs.com portal.
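The selection order in steps 1 to 4, modelled as an added example (not osquery or Uptycs code) that also checks a proxy_hostname value before it goes into a flag profile. The `probe` callable, the `host:port` entry format and the `example.internal` names are assumptions; on a failed cached proxy this model restarts from the direct check.

```python
# Added example: a model of the fallback order above, not osquery or Uptycs code.
from urllib.parse import urlsplit

def parse_proxy_hostname(value):
    """Split a proxy_hostname value and reject entries the steps above rule out."""
    if any(ch.isspace() for ch in value):
        raise ValueError("use commas with no spaces between proxies")
    proxies = []
    for item in value.split(","):
        parts = urlsplit(item if "://" in item else "//" + item)
        if not parts.hostname:
            raise ValueError("empty or malformed proxy entry")
        if parts.username or parts.password:
            # Step 4: password-protected proxies are not supported.
            raise ValueError("credentials not supported: " + parts.hostname)
        proxies.append(item)
    return proxies

class ProxySelector:
    def __init__(self, probe, os_pac=(), os_manual=(), flag_value=""):
        self.probe = probe  # hypothetical callable: probe(proxy or None) -> bool
        # Step 1: a PAC result is preferred over a manually configured proxy.
        self.os_proxies = list(os_pac) or list(os_manual)
        self.flag_proxies = parse_proxy_hostname(flag_value) if flag_value else []
        self.cached = None  # stands in for the entry kept in the osquery database

    def select(self):
        """Return (source, proxy), or None when nothing reaches the cloud."""
        if self.cached and self.probe(self.cached[1]):
            return self.cached            # step 3: reuse the cached best proxy
        self.cached = None                # cached proxy failed: rediscover
        if self.probe(None):
            return ("direct", None)       # direct connectivity, no proxy needed
        ordered = [("os", p) for p in self.os_proxies]
        ordered += [("flag", p) for p in self.flag_proxies]   # step 2
        for source, proxy in ordered:
            if self.probe(proxy):
                self.cached = (source, proxy)
                return self.cached
        return None

if __name__ == "__main__":
    reachable = {"proxy2.example.internal:3128"}   # constructed test network
    sel = ProxySelector(lambda p: p in reachable,
                        os_manual=["osproxy.example.internal:8080"],
                        flag_value="proxy1.example.internal:3128,proxy2.example.internal:3128")
    print(sel.select())
```

Running the validator over a flag value before saving the profile catches the two mistakes the steps call out: a space after a comma and an entry carrying credentials.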
