# osquery office hours 2023-04-11
YouTube Link: https://youtu.be/bGV3_9o29ig
## Announcements and Highlights since the last meeting
- Mike at ToB popped in with YouTube Videos, so they've been back populated. Thank you Mike!
- 5.8.2 should be stable
## Any Questions / Issues / PRs people want to discuss?
The intent of this section is to provide a clear time for community members to bring up _anything_.
Broad questions? Bugs? Deployment questions? Blocked PRs?
## Agenda down here
## Experimental features for macOS EndpointSecurity FIM (Sharvil)
Background: `open/access` calls tend to cause performance issues mostly on older macOS versions. But there is a strong need for these calls, thoughts on having experimental flags to enable them and having a documented caveat about the issues.
One possible usecase is to have a very specific monitoring file opens on sensitive files. Keychain, gh credentials, etc.
General support for the functionality. And discussion about how to expose this option.
* It has to be configured _before_ the ES starts. So it must be a config or flag, it cannot be in the sql query
* General agreement that we should not call it `expirmental`
* Given the next item, is this easier if we make this a ventura only feature
* If possible, take inspiration from the existing linux configs
### Newer EndpointSecurity path APIs on Ventura
Background: Ventura introduced "only monitor these files" APIs, these are really
Symbols only present on Ventura, can use `dlopen/dlsym` and doing a bit of runtime checking, this seems to work okay on my machineTM (but I need to test this with codesign/notarization)
Similar broad support for this. Discussion about how to support it in the configuration file. As possible unify configs with the [File Accesses (Linux only)](https://osquery.readthedocs.io/en/5.8.2/deployment/file-integrity-monitoring/)
## Curl Table
Zach@Fleet discusses that the TLS server certs bundle overrides the the curl table's bundle.
seph thinks there's probably _someone_ that depends on the current behavior, but seph is supportive of decoupling these
## Windows Search API
## Look At Open CVS / Security Tickets
[List of Issues tagged with Security](https://github.com/osquery/osquery/issues?q=is%3Aopen+is%3Aissue+label%3Asecurity)
OpenSSL has 3 vulnerabilities. Stefano says these are about using policies to perform additional verification of certs. We don't think we using it, but Stefano will pick up an update.
## Look at old PRs
_(If there's time, we've been trying to re-visit old PRs)_
[Reverse Sorted List of PRs](https://github.com/osquery/osquery/pulls?q=is%3Apr+is%3Aopen+sort%3Acreated-asc)
- CI OSes -- https://github.com/osquery/osquery/pull/7984