osquery-1/specs/darwin/xprotect_entries.table

table_name("xprotect_entries")
description("Database of the machine's XProtect signatures.")
schema([
    Column("name", TEXT, "Description of XProtected malware"),
    Column("launch_type", TEXT, "Launch services content type"),
    Column("identity", TEXT, "XProtect identity (SHA1) of content"),
    Column("filename", TEXT, "Use this file name to match"),
    Column("filetype", TEXT, "Use this file type to match"),
    Column("optional", INTEGER, "Match any of the identities/patterns for this XProtect name"),
    Column("uses_pattern", INTEGER, "Uses a match pattern instead of identity"),
])
implementation("xprotect@genXProtectEntries")
Add XProtect vtable to OSX 2014-12-16 04:16:52 +00:00			`table_name("xprotect_entries")`
Adding table spec documentation 2015-02-05 05:47:02 +00:00			`description("Database of the machine's XProtect signatures.")`
Add XProtect vtable to OSX 2014-12-16 04:16:52 +00:00			`schema([`
Adding table spec documentation 2015-02-05 05:47:02 +00:00			`Column("name", TEXT, "Description of XProtected malware"),`
OSX XProtect siganture DB as virtual table 2014-12-17 05:35:26 +00:00			`Column("launch_type", TEXT, "Launch services content type"),`
Adding table spec documentation 2015-02-05 05:47:02 +00:00			`Column("identity", TEXT, "XProtect identity (SHA1) of content"),`
			`Column("filename", TEXT, "Use this file name to match"),`
			`Column("filetype", TEXT, "Use this file type to match"),`
			`Column("optional", INTEGER, "Match any of the identities/patterns for this XProtect name"),`
Remove raw pattern from XProtect 2014-12-17 22:46:53 +00:00			`Column("uses_pattern", INTEGER, "Uses a match pattern instead of identity"),`
Add XProtect vtable to OSX 2014-12-16 04:16:52 +00:00			`])`
			`implementation("xprotect@genXProtectEntries")`