valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-07 09:58:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,233 Commits 2 Branches 109 Tags 25 MiB
3df60e6c7c
Commit Graph

93 Commits

Author SHA1 Message Date
Jason Meller
dab7d67b86 Add account_policy_data virtual table for macOS (#4165) 2018-03-09 09:02:47 -08:00
Mitchell Grenier
a73233263b Renaming the key_events table to user_interaction_events and adding mouse down (#3951) 2017-11-21 23:43:52 -08:00
Mitchell Grenier
cd88cecc9a Publisher and Table for Event Tap Capture (KeyDown) (#3829) 2017-10-16 13:07:24 -07:00
Teddy Reed
0104cd1b76 fuzz: Use example queries as input to make fuzz (#3795) 2017-10-06 08:45:49 -07:00
Jason Meller
02bbd83ce3 Add last_opened_time to apps table (#3715) 2017-09-21 19:18:35 -07:00
Teddy Reed
812dbc5080 [Fix #2400] Use PackageKit to enumerate packages (#3685) 2017-09-12 21:59:55 -07:00
Teddy Reed
83f8a4e92c preferences: Report both Current Host and Any Host (#3681) 2017-09-12 21:57:50 -07:00
Teddy Reed
8dc4268761 kernel: Disable kernel support by default (#3672) 2017-09-09 16:48:39 -07:00
Nick Anderson
b4316a57a0 tables: Adding certificates virtual table for windows (#3498) 2017-08-07 09:08:53 -07:00
Teddy Reed
0b0c5febd1 tables: Add device_firmware to darwin (#3499) 2017-08-02 09:48:09 -07:00
Jason Meller
8ba9a54daa tables: Implement sharing_preferences table for Darwin (#3509) 2017-08-02 09:30:35 -07:00
Jason Meller
c4010bd306 tables: Implement shared folders table for Darwin (#3510) 2017-08-01 20:33:57 -07:00
Jason Meller
b9fbf583d0 Darwin: Add gatekeeper tables (#3461) 2017-07-27 10:51:31 -07:00
Teddy Reed
dacfbd4584 Separate preferences from plist and add user-concept (#3455) 2017-07-02 18:28:59 -07:00
Rohit Varkey Thankachan
081ea9e76d Virtual memory statistics for darwin (#3368) 2017-05-31 12:00:44 -07:00
Teddy Reed
9ba0edb4bb darwin: Improve disk_events add detection (#3332) 2017-05-26 10:38:26 -07:00
Mitchell Grenier
6065c26f1d Make all descriptions use periods consistently. (#3324) 2017-05-25 12:43:58 -07:00
Mitchell Grenier
0f76810699 Fix temperature sorting (#3308) 2017-05-23 09:15:34 -07:00
Seshu Pasam
0cb7c3cc3e Fix spec file names and added missing version in packs (#3289) 2017-05-20 00:42:17 -07:00
Robin Breathe
cbc34c44fe Darwin: Add channel column to wifi_status and wifi_survey tables (#3221) 2017-04-26 14:41:24 -07:00
Gregory Heimbuecher
c5fd96cdf3 Fix #2838: Adds the event_taps table to Darwin (#3188) 2017-04-21 15:55:12 -07:00
Mitchell Grenier
d5f002d447 Adding a table for Time Machine Backup Destinations (#3177) 2017-04-20 19:15:29 -07:00
Teddy Reed
90078f15ea events: Add hidden EID to all events tables (#3159) 2017-04-14 08:20:20 -07:00
Teddy Reed
b3ee6c9a8d tables: Fix table metadata when constraints are used (#3151) 2017-04-12 21:48:28 -07:00
ryanheffernan
f32ceb306b Adding Windows Startup Info Table (#3137) 2017-04-05 15:14:28 -07:00
Samuel Keeley
743580f208 Add country_code to wifi_status and wifi_survey tables. (#2940) 2017-01-25 10:20:39 -08:00
Mitchell Grenier
d01a6b148e Adding a WiFi survey table (#2794) 2016-11-23 16:58:02 -08:00
Mitchell Grenier
02b52005e0 Adding a table for currently connected WiFi information (#2793) 
* Adding a table for currently connected WiFi information

* make format

* make format

* make format

* make format

* reed changes

* format
 2016-11-22 23:37:14 -08:00
Teddy Reed
b895c6a988 Reduce several INFO logs to VLOGs and increase size-INTEGERs to BIGINT (#2559) 2016-09-28 12:38:35 -07:00
Nick Anderson
e167619bfa Adding kernel panics table (#2488) 2016-09-23 19:04:50 -07:00
Teddy Reed
df1e3b9481 Add make fuzz (#2458) 2016-09-13 20:37:31 -07:00
Teddy Reed
65dd56e113 Introduce table 'attributes' (#2431) 2016-08-31 15:32:20 -07:00
Teddy Reed
866ff13fc3 Fix OS X kernel extension autoload (#2151) 2016-06-08 11:14:36 -07:00
Teddy Reed
763f4e9437 Use SQLite 3.14.0 to support LIKE and EQUALS (#2137) 
This commit bumps the third-party SQLite to the 3.14.0 pre-release (18:59).
With 3.14.0 the LIKE and EQUALS constraint operators may be mixed within a
query. Previously these would fail to produce a valid set.

As part of the support, each virtual table should choose to bypass rowid-based
deduplication using the new "WITHOUT ROWID" create table epilog. This will
be appended to the schema if the table defines a PRIMARY KEY using index=True.
 2016-06-06 09:36:53 -07:00
Teddy Reed
b28c4d8d0f Introduce table options (#2101) 
Table options includes a change to the Registry::call API for TablePlugins.
When requesting route information or the 'columns' action, a new 'op' key is included.
 2016-05-18 12:23:52 -07:00
Teddy Reed
9c01d4a6e3 Add quicklook_cache to Darwin (#2099) 2016-05-13 23:49:10 -07:00
Nick Anderson
209900d5a8 Adding mobile device crash parsing and 'type' column to Crashes table (#2076) 
This commit adds mobile device crashes to the list of crash logs parsed by the Crashes table as well as adding a lamdba to improve code reuse.  The commit also adds a 'type' column to the table to indicate what kind of log this crash log was.
 2016-05-06 13:14:06 -07:00
Nick Anderson
27fa7001c9 Renamed crash_log table. Small fixes to parsing behavior (#2074) 
Renamed the crash_log table to crashes for future abstraction to other
operating systems. Also fixed how the table was parsing the most recent
stack trace and the registers.  Register values are now all parsed into
one column 'registers', which will be a space delimited string of the
form:

register:value register:value ... register:value

in order to best allow for OS abstraction.
 2016-05-06 09:18:06 -07:00
Nick Anderson
134c2750c2 Adding Crash Logs table for OS X (#2027) 
Added a table that parses out some of the informaiton in the OS X logs
stored in /Library/Logs/DiagnosticReports as well as
/Users/<user>/Library/Logs/DiagnosticReports
 2016-04-13 16:25:40 -07:00
Teddy Reed
c159ea7c71 Refactor install_history 2016-04-01 10:02:56 -07:00
Tim Zimmermann
5c47e2b91e Add InstallHistory table 
See #1922.
 2016-04-01 09:51:01 -07:00
Nick Anderson
7677494849 Treating the 'Disabled Plug-ins' as a folder as opposed to a plugin, and added a 'disabled' column to the table 2016-03-29 14:28:25 -07:00
Sereyvathana Ty
f912fca415 add cdhash, team_identifier, and authority to signature table 
cdhash - code directory hash
(https://developer.apple.com/library/mac/documentation/Security/Conceptu
al/CodeSigningGuide/RequirementLang/RequirementLang.html)

team_identifier is a unique id of the app developer

authority is the common name of the signed certificate
 2016-03-14 23:19:27 -07:00
Zachary Wasserman
1af6684019 Apple system log virtual table implementation 
This adds a virtual table implementation for efficient querying of the
Apple System Log (ASL) store.
 2016-03-14 12:19:03 -07:00
Joe Gallo
544ae37e9d add fan name to fan speeds table 2016-03-03 19:44:53 -05:00
Teddy Reed
c1b2af92c3 [Fix #1854] Unify power sensor tables 2016-02-21 16:02:58 -08:00
Teddy Reed
65be01d574 Merge pull request #1857 from kaizensoze/add-sensor-prefix 
add sensor_ prefix to sensor-related tables
 2016-02-20 18:29:30 -08:00
Joe Gallo
3cb18f9428 add powers table 2016-02-17 21:59:32 -05:00
Joe Gallo
3e5693d996 add sensor_ prefix to sensor-related tables 2016-02-17 01:05:36 -05:00
Joe Gallo
b8d32a74ec add currents table 
add smc genCurrent test
 2016-02-13 16:09:14 -05:00