Teddy Reed | e748f38a06 | deps: Finish removal of snappy and lz4 dependencies (#3618) | 2017-08-27 17:45:15 -07:00 |
Mitchell Grenier | 7750fa8ee5 | deps: Remove snappy and lz4 (#3545) | 2017-08-27 12:02:27 -07:00 |
Nick Anderson | 3c782051eb | tables: adding chocolatey packages virtual table (#3612) | 2017-08-27 11:21:04 -07:00 |
Teddy Reed | f29de27649 | Combine osqueryi and osqueryd into single binary (#2742) | 2017-08-27 11:09:25 -07:00 |
Alessandro Gario | a3e4310188 | Fix 3568: Kinesis/Firehose record size check failure (#3599) | 2017-08-27 11:01:52 -07:00 |
Teddy Reed | e4bbf06074 | codemod: Refactor query functions out of database (#3615) | 2017-08-26 18:36:06 -07:00 |
Teddy Reed | 48ab0c783c | logger: Use a mutex to protect buffered counts (#3588) | 2017-08-22 01:30:13 -07:00 |
Nick Anderson | 8bb1e40d27 | tables: porting the process_memory_map table to windows (#3587) | 2017-08-21 21:47:45 -07:00 |
Teddy Reed | 57f6e37839 | audit: Handle AUDIT_SOCKADDR messages (#3586) | 2017-08-21 20:53:32 -07:00 |
Teddy Reed | 072aa7dad1 | sql: Handle potential LIKE and GLOB optimizations by increasing comparisons (#3580) | 2017-08-21 19:31:44 -07:00 |
Nick Anderson | cbed65d10e | tables: Adding list indexing to darwin plist table (#3546) | 2017-08-21 09:29:33 -07:00 |
Teddy Reed | 7b2f905f43 | aws: Fix TSAN warning in request exception (#3556) | 2017-08-21 01:04:58 -07:00 |
Teddy Reed | cf170c4278 | cleanup: Move query out of database header (#3576) | 2017-08-20 02:44:38 -07:00 |
uptycs-nishant | 5a92d2c7f0 | Implementing exclude paths for FIM (#3530) | 2017-08-19 19:59:23 -07:00 |
Nick Anderson | 5172580ac8 | bug: Processes name correctly displays uid for domain users (#3574) | 2017-08-18 21:51:39 -07:00 |
Mark Ignacio | 04b51fd450 | add LVM and parental contexts to block_devices and disk_encryption on Linux (#3551) | 2017-08-15 10:33:54 -07:00 |
Teddy Reed | c141dd390f | sanitizers: Skip several tests that fail custom alloc checks (#3555) | 2017-08-13 02:01:05 -07:00 |
Allan Liu | 3a70fd7336 | md tables: additional bounds checking around substr calls (#3532) | 2017-08-10 18:14:39 -07:00 |
Mitchell Grenier | c680e7d1c7 | Fix an sqlite3 memory leak in quicklook_cache (#3552) | 2017-08-10 12:02:59 -07:00 |
lxcode | d391c3e585 | Fix memory leak (#3553) | 2017-08-10 11:45:00 -07:00 |
Nick Anderson | b42b3d677e | tables: adding scheduled action to windows scheduled tasks table (#3543) | 2017-08-09 09:54:39 -07:00 |
Thomas Maurice | a41ff4117f | linux usb_devices: add the class, subclass and protocol information (#3542) | 2017-08-08 12:17:29 -07:00 |
Teddy Reed | 242ca5f484 | implement LIKEs for extended attributes table (#3541) | 2017-08-08 08:00:55 -07:00 |
Vishwa Shah | c54c6e6c0e | corrected size in block_devices on darwin, linux (#3539) | 2017-08-07 19:21:18 -07:00 |
Hugh Neale | 2b48fbc557 | A fix for Mac OSX process start_time (#3534) | 2017-08-07 17:49:12 -07:00 |
Mitchell Grenier | 8a963e8d40 | [Distributed] Moving to RapidJSON (#3265) | 2017-08-07 16:34:44 -07:00 |
Mitchell Grenier | b22a403bf1 | OpenBSM Events (#3503) | 2017-08-07 16:02:16 -07:00 |
Nick Anderson | b4316a57a0 | tables: Adding certificates virtual table for windows (#3498) | 2017-08-07 09:08:53 -07:00 |
Nick Anderson | 405ec99476 | Adding threads and start_time fields to processes table (#3536) | 2017-08-06 20:58:18 -07:00 |
Seshu Pasam | 9dc69ee282 | Minor static analysis fixes. (#3529) | 2017-08-04 18:22:10 -07:00 |
Zachary Wasserman | af444370f4 | Fix memory leaks in Gatekeeper table (#3531) | 2017-08-04 18:19:50 -07:00 |
Mitchell Grenier | e577a76b9b | macOS - Listeners on folders that throw mount events (#3506) | 2017-08-03 18:09:04 -07:00 |
Nick Anderson | c34d9f8348 | windows: Updating various chocolatey powershell build scripts (#3427) | 2017-08-03 18:01:10 -07:00 |
Seshu Pasam | 32ad42aea0 | EC2 instance metadata implementation. (#3502) | 2017-08-03 17:54:17 -07:00 |
Nick Anderson | ea5f06bfc5 | [Fix #3527] Addressing interface indexing in arp_cache table (#3528) | 2017-08-03 17:49:58 -07:00 |
Teddy Reed | 7ca18f5a32 | audit: Add cwd to process_events on Linux (#3525) | 2017-08-03 08:21:15 -07:00 |
Teddy Reed | d581be4ef0 | Fix #3522: Do not call SQL ctor directly (#3524) | 2017-08-02 20:20:19 -07:00 |
Seshu Pasam | 6495f14828 | EC2 instance tags implementation. (#3507) | 2017-08-02 13:40:59 -07:00 |
Teddy Reed | 0b0c5febd1 | tables: Add device_firmware to darwin (#3499) | 2017-08-02 09:48:09 -07:00 |
Jason Meller | 8ba9a54daa | tables: Implement sharing_preferences table for Darwin (#3509) | 2017-08-02 09:30:35 -07:00 |
Jason Meller | c4010bd306 | tables: Implement shared folders table for Darwin (#3510) | 2017-08-01 20:33:57 -07:00 |
Seshu Pasam | 9b3be1c02d | Fixes from static code analysis (#3512) | 2017-08-01 20:13:25 -07:00 |
Teddy Reed | 90c6a44599 | freebsd: Some refactoring to processes table (#3442) | 2017-08-01 16:58:26 -07:00 |
Teddy Reed | 30aae77259 | extensions: Call wait on all extensions before respawning (#3516) | 2017-08-01 15:16:22 -07:00 |
Mitchell Grenier | ba35a92243 | Expand Carver APIs and Add Compression (#3386) | 2017-07-31 11:11:45 -07:00 |
Seshu Pasam | 5b42749d93 | Some "make audit" output fixes. (#3508) | 2017-07-31 11:06:08 -07:00 |
Jason Meller | b9fbf583d0 | Darwin: Add gatekeeper tables (#3461) | 2017-07-27 10:51:31 -07:00 |
Rohit Varkey Thankachan | 3cd26ac48c | Add collisions to the interface_details table (#3491) | 2017-07-24 13:51:50 -07:00 |
Nick Anderson | 30e5b89df8 | Adding in additional program installation locations (#3484) | 2017-07-24 09:22:20 -07:00 |
Teddy Reed | 295acfcf3d | worker: Do not ignore SIGCHLD to exit faster (#3487) | 2017-07-24 08:48:06 -07:00 |
Teddy Reed | 30a9f23cb0 | tsan: Fix watcher and posix utils tsan findings (#3489) | 2017-07-24 07:19:31 -07:00 |
Teddy Reed | 98d91192b4 | audit: Isolate the audit consumer logic into a thread (#3486) | 2017-07-24 00:27:19 -07:00 |
Teddy Reed | 9b7ce1b5ad | logger: Fail all plugins if any fail (#3488) | 2017-07-24 00:26:19 -07:00 |
Zachary Wasserman | b86869208d | Fix error handling in AWS logger plugins (#3426) | 2017-07-22 19:41:39 -07:00 |
uptycs-nishant | 43046f48da | Inotify: re-implemented remove/add subscription and remove/add monito… (#3459) | 2017-07-21 20:00:34 -07:00 |
Nick Anderson | de0c0c0663 | Updating windows system_info to return fqdn for hostname (#3470) | 2017-07-21 11:22:07 -07:00 |
Nick Anderson | dfbcd50737 | windows: Adding osqueryi and osqueryd integration tests (#3479) | 2017-07-21 11:20:56 -07:00 |
Nick Anderson | 891a6fb17a | windows: Fixing watcher respawn logic for killed worker processes (#3475) | 2017-07-21 11:10:06 -07:00 |
Mitchell Grenier | 7801ac6dce | Add mount to fsevents (#3480) | 2017-07-20 09:44:38 -07:00 |
Mitchell Grenier | 0c7059ed0a | APFS Globbing Order Change (#3473) | 2017-07-19 13:14:50 -07:00 |
Mitchell Grenier | 951b009069 | Fix a crash in interface_details on windows (#3478) | 2017-07-18 18:38:01 -07:00 |
Teddy Reed | a9799a9426 | Allow caching for tables with indexes and additionals (#3472) | 2017-07-18 00:08:38 -07:00 |
Teddy Reed | d6184f62b5 | Set config refresh to 1 hour and fix retry (#3469) | 2017-07-17 22:28:11 -07:00 |
Mitchell Grenier | 6fff46a20a | Fix ad_config table regression from splitting preferences and plist (#3474) | 2017-07-17 17:52:52 -07:00 |
Teddy Reed | 57f04c4c49 | General code cleanup for the config (#3467) | 2017-07-17 11:38:21 -07:00 |
Teddy Reed | 1e9feba506 | pidfile: Update pidfile to /var/run on Linux and fbsd (#3457) | 2017-07-07 17:57:31 -07:00 |
Lambda Conjecture | ecb9e2ccf2 | Add Epoch marker to scheduled query results (#3378) | 2017-07-07 17:56:03 -07:00 |
Teddy Reed | 190e46f994 | aws: Restore exception error printing and upgrade to 1.1.5 (#3456) | 2017-07-02 20:44:06 -07:00 |
Teddy Reed | dacfbd4584 | Separate preferences from plist and add user-concept (#3455) | 2017-07-02 18:28:59 -07:00 |
Teddy Reed | 99675fdbb2 | audit: Increase speed when using socket_events (#3449) | 2017-07-02 17:18:40 -07:00 |
ryanheffernan | 5d7de135dd | Adding URL Search hooks to ie_extensions table (#3452) | 2017-06-30 11:12:43 -07:00 |
Nick Anderson | 85d8af3996 | carver: tar creation is now streamed (#3450) | 2017-06-29 22:13:09 -07:00 |
Mitchell Grenier | 9f9c729216 | Fix test on High Sierra (#3451) | 2017-06-29 16:46:04 -07:00 |
Teddy Reed | 89ee28dcc4 | watchdog: Fix disabled database and logging when watchdog is not used (#3448) | 2017-06-28 23:24:18 -07:00 |
Teddy Reed | e3cafd53a3 | tables: Add SSE bits to cpuid (#3446) | 2017-06-28 16:00:05 -07:00 |
ryanheffernan | cf50143e69 | Adding autoexec table for Windows (#3444) | 2017-06-27 13:48:21 -07:00 |
ryanheffernan | 80acd105f5 | IE Extensions table for Windows - Browser Helper Objects (#3436) | 2017-06-27 10:50:36 -07:00 |
Teddy Reed | 617314c7df | tables: Add flags to interface_details (#3439) | 2017-06-25 14:12:01 -07:00 |
Allan Liu | 256d113a74 | Linux software RAID table (#3304) | 2017-06-21 21:58:37 -07:00 |
Seshu Pasam | 2fd90bd5c1 | Custom directory flag for augeas lenses (#3428) | 2017-06-20 20:54:27 -07:00 |
Seshu Pasam | dc02616967 | Check number of columns returned from 'docker top' (#3429) | 2017-06-20 20:16:13 -07:00 |
Zachary Wasserman | a0a6e56314 | Fix shadow declaration in darwin broswer_plugins (#3423) | 2017-06-20 20:15:51 -07:00 |
Teddy Reed | 28c10a415f | freebsd: Update Vagrantfile, config tests, and remove hidden visibility (#3419) | 2017-06-18 18:30:57 -07:00 |
Teddy Reed | 12daf75acd | virtual tables: Build Linux cpu_time on FreeBSD (#3417) | 2017-06-18 15:32:48 -07:00 |
Teddy Reed | c81c815f75 | tables: Add symlink column to file table (#3390) | 2017-06-18 14:42:40 -07:00 |
Teddy Reed | 0e294f8095 | build: Major change to building within shared folders (#3415) | 2017-06-18 14:41:05 -07:00 |
Rohit Varkey Thankachan | 6b211a19ad | cpu_time on macos (#3392) | 2017-06-18 14:28:07 -07:00 |
Teddy Reed | e75575ea66 | build: Remove specific -mt from boost links (#3409) | 2017-06-15 20:59:53 -07:00 |
Nicolas Bigaouette | 23194c732d | Replace hardcoded paths throughout code base (#3387) | 2017-06-15 19:31:52 -07:00 |
Nick Anderson | c4b6b33ad1 | carver: gating carver code in CMake (#3407) | 2017-06-15 09:40:58 -07:00 |
Nick Anderson | cffa9cb7a3 | Changing init verbosity to honor verbose flag (#3406) | 2017-06-14 21:08:33 -07:00 |
Teddy Reed | 445fc12648 | tests: Record process start time in tests (#3405) | 2017-06-13 17:53:05 -07:00 |
Teddy Reed | a65e7caad8 | sqlite: Remove the explicit copy and add mutex to function carve (#3404) | 2017-06-13 17:27:00 -07:00 |
Teddy Reed | f8f5718297 | watcher: Do not initialize the config in watcher (#3403) | 2017-06-13 17:26:34 -07:00 |
Teddy Reed | 4f7abe963d | Allow up to 64k rpm_package_files (#3402) | 2017-06-13 13:22:55 -07:00 |
Teddy Reed | 414cf83c6a | logger: Re-add syslog logger plugin (#3401) | 2017-06-13 00:23:54 -07:00 |
Rohit Varkey Thankachan | dfb6d84112 | Load Averages on POSIX systems using getloadavg (#3396) | 2017-06-10 15:25:20 -07:00 |
Nick Anderson | 4aa4a983fc | Triaging windows auto load extensions; (#3384) | 2017-06-09 10:35:40 -07:00 |
Teddy Reed | 8ad086098c | watcher: Add initial watchdog delay (#3360) | 2017-06-08 18:03:30 +01:00 |
Mitchell Grenier | 31793c6773 | Trying to apply xiangfan-ms' patch (#3340) | 2017-06-07 09:51:22 -07:00 |