fleet/schema/tables/disk_events.yml

name: disk_events
examples: >-
  This is an evented table, and as such, is more useful if you are sending
  osquery logs to a SIEM or other centralized destination via Fleet. Events must
  be enabled. This query will contain the list of all actions related to
  connecting and removing disks, including SMB drives and USB storage, which can
  be very useful for investigative purposes.

  ```

  SELECT * FROM disk_events;

  ```
Add Fleet override schema files (#8278) * create schema/tables, add yaml schema tables * Update osquery-table-details.ejs * Generate schema from schema/tables/ folder * Create generate-yaml-tables-from-json.js * update created table files * update fleet override validation * update error messages, add fleetRepoUrl * Delete generate-yaml-tables-from-json.js * Update osquery-table-details.ejs * Update whitespace in table examples * Revert "Update osquery-table-details.ejs" This reverts commit 2e9d63208f59997d492375ebaf1d0ec7e4afe468. * add YAML tables generated from updated Fleet schema * lint fixes * update arp_cache and docker_containers tables 2022-10-18 19:13:42 +00:00			`name: disk_events`
			`examples: >-`
			`This is an evented table, and as such, is more useful if you are sending`
			`osquery logs to a SIEM or other centralized destination via Fleet. Events must`
			`be enabled. This query will contain the list of all actions related to`
			`connecting and removing disks, including SMB drives and USB storage, which can`
			`be very useful for investigative purposes.`

			```

			`SELECT * FROM disk_events;`

			```