Commit Graph

339 Commits

Author SHA1 Message Date
Scott Lundgren
54a9ee8f35 querying of named objects in windows across terminal services sessions. even mutexes. (#4547) 2018-07-27 15:08:51 -07:00
Jared Atkinson
8d9332e6c7 tables: Added a new table for Windows Logon Sessions (#4660) 2018-07-27 11:56:01 -07:00
Julia
8435891f54 Update autoexec.table (#4769) 2018-07-27 16:47:24 +01:00
Mitchell Grenier
ce768dc40c
Add cpu architectures for running processes on macOS (#4702) 2018-07-26 10:32:57 -07:00
Teddy Reed
919219c551
tables: Add ELF-file related virtual tables (#4708) 2018-07-21 12:21:32 -04:00
James Jerger
182212330f Add socket_designation to CPU info (#4715) 2018-07-18 18:46:29 +01:00
Nate Felton
d74fa4033f Adding content_caching to sharing_preferences (#4699) 2018-07-16 12:13:14 +01:00
Rich5
352e3ff7f8 Windows file ops (#4613) 2018-07-15 14:12:46 -07:00
Daniel Roethlisberger
1ed050147a Support CDHash algorithms other than SHA-1 (#4679) 2018-07-13 12:00:43 -07:00
Jeremy Calvert
d6bebc8f81 Add support for getting ethernet link speeds for non-linux posix (#4675) 2018-07-13 10:09:35 -07:00
Allan Liu
8f4529d2a3 General SMART drive information virtual table (#4133) 2018-07-13 09:51:55 -04:00
Max Kareta
140f2bd72f
disk_encryption macOS, fix for issue #4479 (#4687) 2018-07-13 10:59:33 +01:00
Mitchell Grenier
978a3f82bb
Add unique pid field to the processes table on macOS (#4667) 2018-07-11 13:49:50 -07:00
Alessandro Gario
9497df67cc Add a new audit-based table to collect SELinux events (#4224) 2018-07-08 11:22:03 -04:00
uptycs-nishant
1cf5cb7dbc Fixing user_time, system_time bug and changing the cpu utilization logic (#4431) 2018-07-08 11:20:45 -04:00
Alessandro Gario
e622f62d8a macOS signature: Add a hash_resources parameter to the table (#4246) 2018-07-02 19:47:18 +01:00
Vova Mishatkin
29b596dc85 Add ssdeep table for posix (#4629) 2018-06-29 19:50:47 +01:00
Alexander
1179915350
The default timestamp was added for shell_history without timestamp (#4618)
If the shell history file does not contain a timestamps for the lines
osquery will miss the time in rows and will show an confusing error
about attempt to convert empty string to INTEGER.

```
% head -n 3 ~/.zsh_history
ls
cd source
ls
```

```
osquery> select * from shell_history limit 1;
I0621 11:56:37.804193 2629124992 virtual_table.cpp:292] Error casting time () to INTEGER
+------------+------+---------+-------------------------------+
| uid        | time | command | history_file                  |
+------------+------+---------+-------------------------------+
| 1868255265 |      | exit    | /home/akindyakov/.zsh_history |
+------------+------+---------+-------------------------------+
```
So, default value for the time in shell history can solve the problem.
2018-06-25 16:55:49 +01:00
Kyle Creyts
19843b8253 first pass at ssh_config table (#4380) 2018-06-22 19:37:29 -07:00
M Amin
7623f5380f tables: Added NTFS ACL permissions virtual table (#4518) 2018-06-18 16:12:36 -04:00
Filipe Manco
0a08620b65
Move process namespaces to separate table (#4534) 2018-06-13 14:28:16 +01:00
Teddy Reed
e1676c9ef5 Make macOS signatures table architecture aware (#4525) 2018-06-11 14:03:57 -07:00
Filipe Manco
0f66afff6e Set parent to -1 on process_events (#4511) 2018-06-08 15:15:54 -07:00
Babatunde Micheal Okutubo
ffe025e0a3 tables: Report process limits on darwin and linux (#4219) 2018-06-08 10:53:17 -07:00
Filipe Manco
516b0147f0 Move process_event's status to extended schema (#4509) 2018-06-07 16:12:15 -07:00
Jason Meller
8456b34993 Add battery virtual table for Darwin (#4168) 2018-06-07 09:47:45 -07:00
Scott Lundgren
18564629ac Update docs around the users table to account for Windows (#4421) (#4422) 2018-06-05 23:07:14 -07:00
James Jerger
56bbd9a8b9 Tables: Add cpu_info table to windows (#4381) 2018-05-31 15:25:12 -07:00
Allan Liu
083c57e3f0 tables: memory related SMBIOS tables (#4409) 2018-05-25 21:29:43 +01:00
Drake Aronhalt
408d002403 Adding readonly_rootfs field to docker_containers table. (#4419) 2018-05-25 17:54:15 +01:00
Rutwa189
3de45f5abb Improve Python packages table (#4407) 2018-05-24 09:14:44 -07:00
Allan Liu
1c38b7626d tables: add link_speed column to interface_details for linux (#4320) 2018-05-17 14:35:20 -07:00
Allan Liu
a110c291fa tables: Virtual table implemention for memory devices from SMBIOS (#4138) 2018-05-17 17:33:35 -04:00
Steve Brito
c52276879a tables: adding bios_info table for Windows. (#4118) 2018-05-17 13:49:33 -07:00
Ben Isaacs
8fca2a21c1 add documentation for alf global_state (#4247) 2018-05-16 22:43:37 -04:00
Ngo The Trung
b748386ddb mac: add 'state' to process_open_sockets (#4253) 2018-05-15 11:28:42 +01:00
Nick Anderson
a338c86170
tables: adding user_groups table for Windows (#4217) 2018-05-14 16:48:16 -07:00
Giorgi Guliashvili
58969a1df7 Removed startup_items from linux platform. (#4373) 2018-05-14 23:50:28 +01:00
James Jerger
a5df5acc01 Refactor tables to bail out early on error. Add encryption method to bitlocker_info. (#4337) 2018-05-11 22:57:16 -07:00
Andrew Guthrie
a6064cf247 NPM Packages Table on Linux (#4315) 2018-05-10 19:11:30 -07:00
Steve Brito
8c22b59538 Add manufaturer and service to interface_details table for Windows (#4376) 2018-05-09 18:07:07 -07:00
Nick Anderson
4125297158
tables: adds a Powershell events table to Windows (#4351) 2018-05-07 10:26:43 -07:00
Rich5
aea381e147 Correct process uid for user name mapping and added is_elevated_token column (#4369) 2018-05-06 20:14:59 -07:00
Filipe Manco
446ae4c366
Add namespaces to processes table on linux (#4263) 2018-05-03 18:12:53 +01:00
Mitchell Grenier
5bd021a84f
Cups Jobs and Cups Destinations (#4278) 2018-05-02 15:03:17 -07:00
Mitchell Grenier
8d16ae3887
Add an mdfind table to macOS (#4313) 2018-05-02 10:58:12 -07:00
Gabi Purcaru
0d1425266a Added certificate serial number column (#4290) 2018-04-18 07:30:12 -07:00
Ngo The Trung
f1a630735e tables: Add yum_sources table (#4213) 2018-04-05 13:27:59 +01:00
James Jerger
3abadc77d7 tables: Add video_info table to collect video card information (#4226) 2018-03-30 21:35:11 -07:00
Richard Metzler
3df60e6c7c docs: shadow only works for root / sudo (#4228) 2018-03-30 13:58:22 -07:00