osquery-1/specs/logged_in_users.table

table_name("logged_in_users")
description("Users with an active shell on the system.")
schema([
    Column("type", TEXT, "Login type"),
    Column("user", TEXT, "User login name"),
    Column("tty", TEXT, "Device name"),
    Column("host", TEXT, "Remote hostname"),
    Column("time", INTEGER, "Time entry was made"),
    Column("pid", INTEGER, "Process (or thread) ID"),
])
extended_schema(WINDOWS, [
    Column("sid", TEXT, "The user's unique security identifier"),
    Column("registry_hive", TEXT, "HKEY_USERS registry hive"),
])
attributes(cacheable=True)
implementation("logged_in_users@genLoggedInUsers")
Implement logged_in_users. Fixes #9. 2014-11-23 04:49:37 +00:00			`table_name("logged_in_users")`
Addind all the missing descriptions for tables 2015-02-07 03:05:50 +00:00			`description("Users with an active shell on the system.")`
Implement logged_in_users. Fixes #9. 2014-11-23 04:49:37 +00:00			`schema([`
Add 'type' to logged_in_users (#2343) 2016-08-13 05:09:57 +00:00			`Column("type", TEXT, "Login type"),`
Adding description to columns 2015-02-10 04:13:11 +00:00			`Column("user", TEXT, "User login name"),`
			`Column("tty", TEXT, "Device name"),`
			`Column("host", TEXT, "Remote hostname"),`
			`Column("time", INTEGER, "Time entry was made"),`
Adding description to columns 2015-02-10 02:18:22 +00:00			`Column("pid", INTEGER, "Process (or thread) ID"),`
Implement logged_in_users. Fixes #9. 2014-11-23 04:49:37 +00:00			`])`
windows/logged_in_users: Add sid, hive columns (#5454) Summary: This introduces two new (Windows-only) columns to the `logged_in_users` table: * `sid` corresponds to the logged in user's security identifier, used to uniquely identify the user and their permissions on the local system. * `registry_hive` corresponds to the user's HKU registry hive, used to look up per-user configuration information. I've updated the integration tests to test for these columns on Windows only. Please let me know if there's anything else I can do! Pull Request resolved: https://github.com/facebook/osquery/pull/5454 Differential Revision: D14195466 Pulled By: fmanco fbshipit-source-id: def9c362fac1b5a68b68f826916daafee224295b 2019-02-27 13:50:25 +00:00			`extended_schema(WINDOWS, [`
			`Column("sid", TEXT, "The user's unique security identifier"),`
			`Column("registry_hive", TEXT, "HKEY_USERS registry hive"),`
			`])`
Introduce table options (#2101) Table options includes a change to the Registry::call API for TablePlugins. When requesting route information or the 'columns' action, a new 'op' key is included. 2016-05-18 19:23:52 +00:00			`attributes(cacheable=True)`
Implement logged_in_users. Fixes #9. 2014-11-23 04:49:37 +00:00			`implementation("logged_in_users@genLoggedInUsers")`