Joe Gallo
36ca9f5664
add voltages table
2016-02-10 04:10:44 -05:00
Joe Gallo
66ed804eb6
add fan speeds table
2016-02-05 21:22:07 -05:00
Teddy Reed
a48109a226
Add developer_id to safari_extensions
2016-02-03 23:46:52 -08:00
Teddy Reed
ccda460ba0
Rename 'temps' temperatures, add constraints
2016-02-03 08:49:22 -08:00
Joe Gallo
3c6134c1fa
add temperature sensors table
...
Extract temperature-related data from smc_keys table for table dedicated
to temperature sensors.
2016-02-02 23:57:55 -05:00
Sharvil Shah
8cb7ee71bf
Report on System Integrity Protection
2016-01-21 21:28:13 -08:00
Teddy Reed
5295904624
Add an smc_keys table for OS X
2016-01-11 11:51:55 -08:00
Teddy Reed
6a1b08c4fe
Use key_strength to support ECC
2016-01-05 18:48:34 -08:00
Teddy Reed
e311a47774
Add key_size to certificates table
2016-01-05 11:34:57 -08:00
Teddy Reed
4af9d8d61c
Add certificate issuer and self_signed columns
2015-12-17 19:36:31 -08:00
Teddy Reed
a99b62a31d
Preserve atime and mtime by default for readFile
2015-12-11 22:18:45 -08:00
Teddy Reed
98eb6a5055
Reorganize file_events into process_file_events
2015-12-11 00:58:22 -08:00
Teddy Reed
ccff0c8c18
[Fix #1686] Add 'subject' and 'signing_algorithm' to certificates
2015-11-29 18:32:13 -08:00
Teddy Reed
35129a7af7
[#1665, #1615] Refactor user-based tables to act uniformly
2015-11-24 12:46:25 -08:00
Teddy Reed
cef8f59054
Merge pull request #1639 from theopolis/cache
...
Table results caching
2015-11-14 16:22:24 -08:00
Teddy Reed
c2be670806
Table results caching
...
1. Table implementations (spec files) can mark the table as 'cachable'.
2. Cached results depend on the shortest/quickest interval of scheduled
queries that act on results of the table.
3. The table API generator blocks caching on index/additional/required
table column options.
2015-11-14 15:57:23 -08:00
Andrew Dunham
dea93c8aa5
Add a signature table on Darwin
...
This table allows verifying the signature of files (or bundles) on
Darwin. It also provides the signing identifier that is a part of the
signature.
2015-11-10 13:21:18 -08:00
Teddy Reed
57e8ef2ab3
[#1546] Add computer_name to system_info and extend to Linux
2015-11-04 10:31:16 -08:00
Sharvil Shah
9a6d6d1293
Implement wifi_networks tables for OS X
...
If the option of remembering known Wi-Fi networks is enabled on a system,
they are persisted to disk as a preferences property list file.
This table is populated by parsing that file.
2015-11-01 16:53:51 -08:00
Sharvil Shah
28143f64f0
Update system_info table: adds CPU type, CPU cores and total memory.
...
This change adds the following columns to `system_info` table:
cpu_type, cpu_subtype, cpu_brand, cpu_physical_cores,
cpu_logical_cores, physical_memory, hardware_model
Here's an example output of those columns:
```
cpu_type = x86_64h
cpu_subtype = Intel x86-64h Haswell
cpu_brand = Intel(R) Core(TM) i7-4850HQ CPU @ 2.30GHz
cpu_physical_cores = 4
cpu_logical_cores = 8
physical_memory = 17179869184
hardware_model = MacBookPro11,3
```
2015-09-10 14:44:48 -07:00
Scott Piper
5e7d0d6a37
Added system_info table
2015-09-09 10:26:16 -07:00
Teddy Reed
2813d3ab87
Add a Linux audit event publisher
2015-09-03 08:45:02 -07:00
Teddy Reed
906d19927f
[#1418] Use libarchive to parse Safari extension bundles
2015-08-29 23:59:41 -07:00
Teddy Reed
2433d9e06c
[#1418] Include XProtect's meta list of plugin versions, and blacklisted extensions
2015-08-28 11:46:21 -07:00
Michael O'Farrell
5d0e4be6a1
Merge pull request #1335 from mofarrell/kernel-file-events
...
Added kernel file access events.
2015-07-31 15:22:11 -07:00
Michael O'Farrell
9f2b318778
Added kernel file access events.
2015-07-31 15:06:46 -07:00
Teddy Reed
dc82ffa636
Add optional environment variable whitelist to process_events
2015-07-30 16:05:11 -07:00
Michael O'Farrell
3f87d5832f
Adding environment variables and arguments for process events.
2015-07-27 15:48:47 -07:00
Mike Arpaia
664c1e1ed3
Merge pull request #1346 from javuto/populating_table_fields
...
Adding column description to all the missing table fields
2015-07-15 23:37:05 -07:00
Javier Marcos
25f0de07a5
Adding description to all the missing table fields
2015-07-15 23:23:42 -07:00
Tom Burgin
e8d3e45cea
Added authorization_mechanisms and authorizations tables
2015-07-15 14:25:19 -04:00
Michael O'Farrell
4bbb591b37
Added kernel process events table.
2015-07-08 13:47:07 -07:00
Teddy Reed
f48619ed28
[#1285, #1276] Faster, optimized subscriber results
2015-07-07 00:59:28 -07:00
Teddy Reed
040d9d5fd1
Merge pull request #1216 from sharvilshah/osx_mount_events
...
[Implement #1103] DMG Mount Events
2015-06-22 12:38:32 -07:00
Sharvil Shah
f676ba7642
Implements disk_events and the related publisher and subscriber.
...
We now have a Publisher to report on disk events and its metadata,
using the DiskArbitration framework on OS X. Currently disk appearance
and disappearance events are published for both physical and
virtual disks (DMG files). On an event trigger, disk properties are
parsed and that metadata is reported along with the action.
The Subscriber subscribes to virtual disk events currently.
This closes #1103.
2015-06-22 11:09:18 -07:00
Mike Arpaia
9d783fee00
adding an example to the keychain_acls spec
2015-06-22 09:38:24 -07:00
Mike Arpaia
53c407781f
Merge pull request #1224 from theopolis/duti_table
...
OS X application duti/scheme listing table
2015-06-22 09:33:06 -07:00
Teddy Reed
37188f788b
Fixups in tables, add DOUBLE, shell extensions
2015-06-22 04:17:23 -04:00
Mike Arpaia
1cd0adaaeb
fixing the type in the keychain_acls table for real
2015-06-21 23:34:53 -07:00
Teddy Reed
55f270ff97
OS X application duti/scheme listing table
2015-06-21 14:08:21 -04:00
Mike Arpaia
0a83572f08
Table to enumerate keychain ACLs
2015-06-20 14:59:07 -04:00
Teddy Reed
09ea12a2a7
Add application sandbox container metadata
2015-06-19 01:53:09 -04:00
Teddy Reed
a105924804
Move specs to a top-level path, add query examples
...
1. Example queries will run with an (optional) integration test.
2. Fix bad accesses with OS X package BOMs
3. Move spec files from ./osquery/tables/specs to ./specs
4. Remove server parsers (netlib) from client builds.
2015-06-03 10:39:05 -07:00