valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-07 01:55:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

add quickfixengineering patches virtual table (#2837)

Browse Source
This commit is contained in:
Dan Sedlacek 2016-12-03 16:17:16 -08:00 committed by Nick Anderson
parent 5de5187657
commit 0fb983fe9b
2 changed files with 63 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
osquery/tables/system/windows/patches.cpp Normal file
View File

@ -0,0 +1,47 @@
/*
* Copyright (c) 2014-present, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under the BSD-style license found in the
* LICENSE file in the root directory of this source tree. An additional grant
* of patent rights can be found in the PATENTS file in the same directory.
*
*/
#include <osquery/sql.h>
#include <osquery/system.h>
#include <osquery/tables.h>
#include "osquery/core/conversions.h"
#include "osquery/core/windows/wmi.h"
namespace osquery {
namespace tables {
QueryData genInstalledPatches(QueryContext& context) {
QueryData results;
WmiRequest wmiSystemReq("select * from Win32_QuickFixEngineering");
std::vector<WmiResultItem>& wmiResults = wmiSystemReq.results();
if (wmiResults.size() != 0) {
Row r;
for (const auto& item : wmiResults) {
item.GetString("CSName", r["csname"]);
item.GetString("HotFixID", r["hotfix_id"]);
item.GetString("Caption", r["caption"]);
item.GetString("Description", r["description"]);
item.GetString("FixComments", r["fix_comments"]);
item.GetString("InstalledBy", r["installed_by"]);
item.GetString("InstallDate", r["install_date"]);
item.GetString("InstalledOn", r["installed_on"]);
results.push_back(r);
}
}
return results;
}
}
}

16
specs/windows/patches.table Normal file
View File

@ -0,0 +1,16 @@
table_name("patches")
description("Lists all the patches applied. Note: This does not include patches applied via MSI or downloaded from Windows Update (e.g. Service Packs).")
schema([
Column("csname", TEXT, "The name of the host the patch is installed on."),
Column("hotfix_id", TEXT, "The KB ID of the patch."),
Column("caption", TEXT, "Short description of the patch."),
Column("description", TEXT, "Fuller description of the patch."),
Column("fix_comments", TEXT, "Additional comments about the patch."),
Column("installed_by", TEXT, "The system context in which the patch as installed."),
Column("install_date", TEXT, "Indicates when the patch was installed. Lack of a value does not indicate that the patch was not installed."),
Column("installed_on", TEXT, "The date when the patch was installed."),
])
implementation("system/windows/patches@genInstalledPatches")
examples([
"select * from patches",
])