osquery-1/specs/windows/registry.table

table_name("registry")
description("All of the Windows registry hives.")
schema([
    Column("hive", TEXT, "The parent registry hive where the key and value exist"),
    Column("key", TEXT, "Name of the key to search for"),
    Column("subkey", TEXT, "Name of the subkey for a given HIVE and key"),
    Column("name", TEXT, "Name of the registry value entry"),
    Column("type", TEXT, "Type of data associated with the registry value"),
    Column("data", TEXT, "Data content of registry value"),
    Column("mtime", BIGINT, "timestamp of the most recent registry write"),
])
implementation("system/windows/registry@genRegistry")
examples([
  "select * from registry",
])
Adding the windows registry virtual table (#2356) 2016-08-16 19:37:53 +00:00			`table_name("registry")`
			`description("All of the Windows registry hives.")`
			`schema([`
			`Column("hive", TEXT, "The parent registry hive where the key and value exist"),`
			`Column("key", TEXT, "Name of the key to search for"),`
			`Column("subkey", TEXT, "Name of the subkey for a given HIVE and key"),`
			`Column("name", TEXT, "Name of the registry value entry"),`
			`Column("type", TEXT, "Type of data associated with the registry value"),`
			`Column("data", TEXT, "Data content of registry value"),`
			`Column("mtime", BIGINT, "timestamp of the most recent registry write"),`
			`])`
			`implementation("system/windows/registry@genRegistry")`
			`examples([`
			`"select * from registry",`
			`])`