ActivityWatch plugin for osquery

watcher.py

#!/usr/bin/env python

import osquery
import requests

headers = {
    'Accept': 'application/json',
}
URL = 'http://localhost:5600/api/0/' \
      'buckets/aw-watcher-window_Beaker-2.local/events'

@osquery.register_plugin
class MyTablePlugin(osquery.TablePlugin):
    def name(self):
        return "aw_window"

    def columns(self):
        return [
            osquery.TableColumn(name="timestamp", type=osquery.STRING),
            osquery.TableColumn(name="title", type=osquery.STRING),
            osquery.TableColumn(name="app", type=osquery.STRING),
            osquery.TableColumn(name="duration", type=osquery.STRING),
        ]

    def generate(self, context):
        query_data = []

        r = requests.get(URL, headers=headers)

        for row in r.json():
            row.update(row['data'])
            row['duration'] = str(row['duration'])
            
            del row['id']
            del row['data']

            query_data.append(row)

        return query_data

if __name__ == "__main__":
    osquery.start_extension(name="activitywatch-window",
                            version="1.0.0",)