mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 08:55:24 +00:00
e82962e4a7
* create schema/tables, add yaml schema tables * Update osquery-table-details.ejs * Generate schema from schema/tables/ folder * Create generate-yaml-tables-from-json.js * update created table files * update fleet override validation * update error messages, add fleetRepoUrl * Delete generate-yaml-tables-from-json.js * Update osquery-table-details.ejs * Update whitespace in table examples * Revert "Update osquery-table-details.ejs" This reverts commit 2e9d63208f59997d492375ebaf1d0ec7e4afe468. * add YAML tables generated from updated Fleet schema * lint fixes * update arp_cache and docker_containers tables
14 lines
430 B
YAML
14 lines
430 B
YAML
name: disk_events
|
|
examples: >-
|
|
This is an evented table, and as such, is more useful if you are sending
|
|
osquery logs to a SIEM or other centralized destination via Fleet. Events must
|
|
be enabled. This query will contain the list of all actions related to
|
|
connecting and removing disks, including SMB drives and USB storage, which can
|
|
be very useful for investigative purposes.
|
|
|
|
```
|
|
|
|
SELECT * FROM disk_events;
|
|
|
|
```
|