Does windows_crashes only fetch data from the minidump folder and we can't extract any data unless we manually create a dump file

Question

Does windows_crashes only fetch data from the minidump folder and we can't extract any data unless we manually create a dump file

Opened this issue 4 months ago · 0 comments

Question

The question is regarding windows_crashes table on windows.
Currently I'm using windows 10 and osquery version 5.9.1 .
Is there any way to fetch data in the osquery tables without having to manually create dump files everytime we need to see the osquery outputs?
Does osquery only fetch data from the minidump folder only?