mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 08:55:24 +00:00
e82962e4a7
* create schema/tables, add yaml schema tables * Update osquery-table-details.ejs * Generate schema from schema/tables/ folder * Create generate-yaml-tables-from-json.js * update created table files * update fleet override validation * update error messages, add fleetRepoUrl * Delete generate-yaml-tables-from-json.js * Update osquery-table-details.ejs * Update whitespace in table examples * Revert "Update osquery-table-details.ejs" This reverts commit 2e9d63208f59997d492375ebaf1d0ec7e4afe468. * add YAML tables generated from updated Fleet schema * lint fixes * update arp_cache and docker_containers tables
20 lines
779 B
YAML
20 lines
779 B
YAML
name: account_policy_data
|
|
examples: >-
|
|
Query the creation date of user accounts. You could also query the date of the
|
|
last failed login attempt or password change.
|
|
|
|
```
|
|
|
|
SELECT strftime('%Y-%m-%d %H:%M:%S',creation_time,'unixepoch') AS creationdate FROM account_policy_data;
|
|
|
|
```
|
|
|
|
|
|
See each user's last password set date and number of failed logins since last successful login to detect any intrusion attempts.
|
|
|
|
```
|
|
|
|
SELECT u.username u.uid, strftime('%Y-%m-%dT%H:%M:%S', a.password_last_set_time, 'unixepoch') AS password_last_set_time, a.failed_login_count, strftime('%Y-%m-%dT%H:%M:%S', a.failed_login_timestamp, 'unixepoch') AS failed_login_timestamp FROM account_policy_data AS a CROSS JOIN users AS u USING (uid) ORDER BY password_last_set_time ASC;
|
|
|
|
```
|