valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 02:18:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
5,006 Commits 2 Branches 109 Tags 25 MiB
46b9c8f800
Commit Graph

373 Commits

Author SHA1 Message Date
Teddy Reed
33ab8b6e5d
config: Inspect blacklisted queries (#4004) 2017-12-17 19:25:42 -08:00
Reed Loden
6b6723110f tables: Add linux shadow table (#3902) 2017-11-28 00:51:44 -08:00
Mike Myers
b79c0e2621 Local Groups table for Windows (#3855) 2017-11-27 23:51:47 -08:00
Nick Anderson
6068d61068
tables: adding intel_me_info virtual table on Windows (#3960) 2017-11-27 11:26:08 -08:00
Teddy Reed
1cedf8d573
tables: Add basic Intel ME table returning version (#3956) 2017-11-22 00:39:18 -08:00
Mitchell Grenier
a73233263b Renaming the key_events table to user_interaction_events and adding mouse down (#3951) 2017-11-21 23:43:52 -08:00
Nick Anderson
1239c8ccc5
tables: expanding windows programs table to encompass apps without GUID (#3945) 2017-11-20 08:21:21 -08:00
Nick Anderson
3d7f7cf037
tables: adding type column to users table to differentiate local users (#3946) 2017-11-20 08:21:06 -08:00
Babatunde Micheal Okutubo
9fd2be038c Virtual table: Iptables port feature #3621 (#3897) 2017-11-08 18:02:44 -08:00
Teddy Reed
5245f7bcf3
tables: Refactor ssl_cert into curl_certificate (#3903) 2017-11-01 07:30:22 -07:00
Teddy Reed
8597db5f11
tables: Move the curl table to all platforms (#3904) 2017-10-31 23:44:46 -07:00
Nick Anderson
573cf5fc11
tables: porting the ssl cert to Windows (#3894) 2017-10-30 22:46:45 -07:00
Nick Anderson
b1355c4441
tables: Adding a Named Pipes table for Windows (#3893) 2017-10-30 22:46:28 -07:00
Babatunde Micheal Okutubo
ff1ae545e8 tables: SSL cert table for posix #3811 (#3839) 2017-10-28 13:28:17 -07:00
Nick Anderson
45bafdbe51 tables: adding windows physical disk perfmon table (#3865) 2017-10-22 13:56:54 -07:00
Samuel Keeley
58af0b7477 Add version to usb_devices table (#3840) 2017-10-17 07:59:56 -07:00
Mitchell Grenier
cd88cecc9a Publisher and Table for Event Tap Capture (KeyDown) (#3829) 2017-10-16 13:07:24 -07:00
Alessandro Gario
e888f3e8e8 tables: Authenticode verification support for Windows (#3716) 2017-10-14 00:09:27 -07:00
uptycs-nishant
d2576e576b [Fix #3699] Reporting mode as octal string (#3825) 2017-10-13 21:26:07 -07:00
Garret Reece
0615372d02 Implement a logical_drives table for windows (#3818) 2017-10-13 20:35:54 -07:00
Teddy Reed
0104cd1b76 fuzz: Use example queries as input to make fuzz (#3795) 2017-10-06 08:45:49 -07:00
Jason Meller
02bbd83ce3 Add last_opened_time to apps table (#3715) 2017-09-21 19:18:35 -07:00
Nick Anderson
2520edca73 tables: porting python_packages to Windows (#3702) 2017-09-16 16:40:43 -07:00
Nick Anderson
fa78d5db01 [Fix #3683] Setting interface id for interface_addresses (#3684) 2017-09-13 16:30:30 -07:00
Teddy Reed
812dbc5080 [Fix #2400] Use PackageKit to enumerate packages (#3685) 2017-09-12 21:59:55 -07:00
Teddy Reed
83f8a4e92c preferences: Report both Current Host and Any Host (#3681) 2017-09-12 21:57:50 -07:00
Teddy Reed
8dc4268761 kernel: Disable kernel support by default (#3672) 2017-09-09 16:48:39 -07:00
Atyansh Jaiswal
68b1de153d tables: Adding posix curl virtual table (#3596) 2017-08-30 15:24:05 -07:00
Nick Anderson
3c782051eb tables: adding chocolatey packages virtual table (#3612) 2017-08-27 11:21:04 -07:00
Mike Myers
906104564c Add examples of Windows registry virtual table (#3597) 2017-08-22 17:28:56 -07:00
Nick Anderson
8bb1e40d27 tables: porting the process_memory_map table to windows (#3587) 2017-08-21 21:47:45 -07:00
Nick Anderson
b42b3d677e tables: adding scheduled action to windows scheduled tasks table (#3543) 2017-08-09 09:54:39 -07:00
Thomas Maurice
a41ff4117f linux usb_devices: add the class, subclass and protocol information (#3542) 2017-08-08 12:17:29 -07:00
Vishwa Shah
c54c6e6c0e corrected size in block_devices on darwin, linux (#3539) 2017-08-07 19:21:18 -07:00
Mitchell Grenier
b22a403bf1 OpenBSM Events (#3503) 2017-08-07 16:02:16 -07:00
Nick Anderson
b4316a57a0 tables: Adding certificates virtual table for windows (#3498) 2017-08-07 09:08:53 -07:00
Seshu Pasam
32ad42aea0 EC2 instance metadata implementation. (#3502) 2017-08-03 17:54:17 -07:00
Teddy Reed
7ca18f5a32 audit: Add cwd to process_events on Linux (#3525) 2017-08-03 08:21:15 -07:00
Seshu Pasam
6495f14828 EC2 instance tags implementation. (#3507) 2017-08-02 13:40:59 -07:00
Teddy Reed
0b0c5febd1 tables: Add device_firmware to darwin (#3499) 2017-08-02 09:48:09 -07:00
Jason Meller
8ba9a54daa tables: Implement sharing_preferences table for Darwin (#3509) 2017-08-02 09:30:35 -07:00
Jason Meller
c4010bd306 tables: Implement shared folders table for Darwin (#3510) 2017-08-01 20:33:57 -07:00
Jason Meller
b9fbf583d0 Darwin: Add gatekeeper tables (#3461) 2017-07-27 10:51:31 -07:00
Rohit Varkey Thankachan
3cd26ac48c Add collisions to the interface_details table (#3491) 2017-07-24 13:51:50 -07:00
Teddy Reed
a9799a9426 Allow caching for tables with indexes and additionals (#3472) 2017-07-18 00:08:38 -07:00
Teddy Reed
dacfbd4584 Separate preferences from plist and add user-concept (#3455) 2017-07-02 18:28:59 -07:00
Teddy Reed
99675fdbb2 audit: Increase speed when using socket_events (#3449) 2017-07-02 17:18:40 -07:00
ryanheffernan
cf50143e69 Adding autoexec table for Windows (#3444) 2017-06-27 13:48:21 -07:00
ryanheffernan
80acd105f5 IE Extensions table for Windows - Browser Helper Objects (#3436) 2017-06-27 10:50:36 -07:00
Teddy Reed
617314c7df tables: Add flags to interface_details (#3439) 2017-06-25 14:12:01 -07:00
Allan Liu
256d113a74 Linux software RAID table (#3304) 2017-06-21 21:58:37 -07:00
Teddy Reed
c81c815f75 tables: Add symlink column to file table (#3390) 2017-06-18 14:42:40 -07:00
Rohit Varkey Thankachan
6b211a19ad cpu_time on macos (#3392) 2017-06-18 14:28:07 -07:00
Teddy Reed
dae221e331 virtual tables: Allow tables to use an 'extended' schema (#3416) 2017-06-18 14:27:18 -07:00
Teddy Reed
4f7abe963d Allow up to 64k rpm_package_files (#3402) 2017-06-13 13:22:55 -07:00
Rohit Varkey Thankachan
dfb6d84112 Load Averages on POSIX systems using getloadavg (#3396) 2017-06-10 15:25:20 -07:00
ryanheffernan
80aaed8b05 [Fix #3313] Adding driver version + adding malloc/pointer safety to drivers table (#3319) 2017-06-05 09:06:49 -07:00
Mitchell Grenier
739d910a2c Fix #1546 Add local host name (#3370) 2017-06-02 16:15:50 -07:00
Rohit Varkey Thankachan
081ea9e76d Virtual memory statistics for darwin (#3368) 2017-05-31 12:00:44 -07:00
lxcode
8b7b37bf4f Add table for FreeBSD kernel modules. (#3328) 2017-05-26 15:10:59 -07:00
Teddy Reed
9ba0edb4bb darwin: Improve disk_events add detection (#3332) 2017-05-26 10:38:26 -07:00
Mitchell Grenier
6065c26f1d Make all descriptions use periods consistently. (#3324) 2017-05-25 12:43:58 -07:00
ryanheffernan
05b7b80891 Refactor Windows interface_addresses table to use win32 API and report accurate netmasks. (#3297) 2017-05-23 14:58:11 -07:00
Mitchell Grenier
0f76810699 Fix temperature sorting (#3308) 2017-05-23 09:15:34 -07:00
Seshu Pasam
0cb7c3cc3e Fix spec file names and added missing version in packs (#3289) 2017-05-20 00:42:17 -07:00
lxcode
9b803d78d7 FreeBSD: Fix os_version, add pkgng package table (#3278) 2017-05-12 14:11:01 -07:00
ryanheffernan
c279342226 Allow querying Windows Registry by 'path' column (#3270) 2017-05-11 10:29:59 -07:00
Seshu Pasam
4cfb31452c Docker support (#3241) 2017-05-05 09:53:12 -07:00
Teddy Reed
4372785d5d Refactor build logic to allow optional: yara, tsk, lldpd (#3226) 2017-04-28 13:45:41 -07:00
ryanheffernan
0458abc453 Split Startup items 'path' column into 'path' and 'args' 2017-04-27 23:56:08 -04:00
lxcode
03a9798b7e FreeBSD: add functional routes.cpp, unblacklist modules (#3225) 2017-04-27 16:34:31 -07:00
Robin Breathe
cbc34c44fe Darwin: Add channel column to wifi_status and wifi_survey tables (#3221) 2017-04-26 14:41:24 -07:00
Gregory Heimbuecher
c5fd96cdf3 Fix #2838: Adds the event_taps table to Darwin (#3188) 2017-04-21 15:55:12 -07:00
Mitchell Grenier
d5f002d447 Adding a table for Time Machine Backup Destinations (#3177) 2017-04-20 19:15:29 -07:00
Nick Anderson
13524f8833 Adding file carving feature to osquery (#3038) 2017-04-20 19:00:26 -07:00
Dan Sedlacek
13aef1fb73 Windows Network Routes (#3040) 2017-04-19 20:03:20 -07:00
Teddy Reed
90078f15ea events: Add hidden EID to all events tables (#3159) 2017-04-14 08:20:20 -07:00
Nick Anderson
6a90db47be Adding the Windows Scheduled Tasks virtual table (#3153) 2017-04-13 07:53:49 -07:00
Teddy Reed
b3ee6c9a8d tables: Fix table metadata when constraints are used (#3151) 2017-04-12 21:48:28 -07:00
ryanheffernan
f32ceb306b Adding Windows Startup Info Table (#3137) 2017-04-05 15:14:28 -07:00
ryanheffernan
da427ab6c0 [Fix #3138] Adding index on 'key' column of Windows Registry table (#3139) 2017-04-05 13:02:36 -06:00
ryanheffernan
c91b905091 Allowing OR clause in registry virtual table (#3136) 2017-04-04 15:43:06 -07:00
Teddy Reed
7b6e4c7a27 audit: Optimize user_events and add auid (#3120) 2017-03-31 08:30:45 -07:00
Rubab-Syed
92e545e6bf Python packages (#3089) 2017-03-26 00:03:10 -07:00
mnmnc
a63cf1344e Minor description correction (#3096) 2017-03-22 15:55:13 -07:00
Teddy Reed
69bb69fd6d events: Inspect schedule and improve tests (#3087) 2017-03-20 22:03:09 -07:00
ryanheffernan
5671bb720b Refactoring Windows Registry table to be more like the file table (#3073) 2017-03-17 12:47:11 -07:00
Allan Liu
0cf0c3b428 lldp_neighbors: posix table spec and table implementation (#2957) 2017-02-28 10:02:13 -08:00
Allan Liu
3c3d649b1e Prometheus Metrics table (#2925) 2017-02-26 21:59:51 -08:00
Nick Anderson
e961fc850e Adding the Windows event log publisher (#2937) 2017-02-02 17:05:58 -08:00
Mike Arpaia
2ad1d8839f Introduce two new host identifier options (#2944) 2017-01-27 17:56:50 -08:00
Samuel Keeley
743580f208 Add country_code to wifi_status and wifi_survey tables. (#2940) 2017-01-25 10:20:39 -08:00
Dan Sedlacek
1d604fc1af [windows] arp_cache virtual table (#2839) 2017-01-10 19:09:46 -08:00
Nick Anderson
0307ec3f3a Adding the windows logged_in_users virtual table (#2891) 2017-01-08 13:19:09 -08:00
Jonathan Lee
383e07e5be [Fix #2734] Remove OpenSSL link dependency for osquery core (#2750) 2016-12-22 00:37:59 -08:00
Nick Anderson
7f5345ec7e Adding process_open_ports and listening_sockets virtual tables to Windows (#2760) 2016-12-06 14:25:08 -08:00
Dan Sedlacek
0fb983fe9b add quickfixengineering patches virtual table (#2837) 2016-12-03 16:17:16 -08:00
Mitchell Grenier
d01a6b148e Adding a WiFi survey table (#2794) 2016-11-23 16:58:02 -08:00
Mitchell Grenier
02b52005e0 Adding a table for currently connected WiFi information (#2793) 
* Adding a table for currently connected WiFi information

* make format

* make format

* make format

* make format

* reed changes

* format
 2016-11-22 23:37:14 -08:00
trizt
1cf5ef5a8a Add Gentoo as a build environment and portage tables (#2638) 2016-11-22 14:55:30 -08:00
Teddy Reed
93ce41b5e4 Rename augeas path column to node (#2788) 2016-11-20 14:13:55 -08:00
Serey Ty
148eb41e4e add drop fields to interface details (#2778) 2016-11-19 12:11:25 -08:00
Jonathan Lee
b63b60e967 New table: sudoers (#2686) 2016-11-12 16:32:42 -05:00
Omer Katz
5b7655b96f Add augeas table and libxml2 dependency (#2181) 2016-11-11 08:00:59 -08:00
Mohamed El-Shahawi
4935e84b17 Add virtual table: Windows Drivers (#2675) 2016-11-08 10:50:12 -08:00
Teddy Reed
df25f27efb Prefer /etc/os-release for Linux os_version (#2667) 2016-10-22 16:58:32 -07:00
Michael McGrew
55d29505a3 Fix missing column in wmi_event_filters table (#2625) 2016-10-14 15:10:37 -07:00
Nick Anderson
208d2324d5 Extending chrome browser extension table to Windows (#2619) 2016-10-14 10:23:37 -07:00
Michael McGrew
21f797c811 add table for appcompat shims (#2618) 2016-10-13 13:31:05 -07:00
Mohamed El-Shahawi
a3e8bac776 Add virtual table: Windows services (#2600) 2016-10-12 09:10:05 -07:00
Nick Anderson
616d9f5953 Adding support for Windows platform_info table (#2611) 2016-10-12 09:01:32 -07:00
Mohamed El-Shahawi
498a040ee6 Add virtual table: Windows Kernel_info (#2610) 2016-10-11 17:46:26 -07:00
Michael McGrew
fa0e15ae10 Update wmi_cli_event_consumers with correct columns (#2608) 2016-10-10 18:49:37 -07:00
Stephen Lester
0a02532b99 [Fixes #2594] windows: Implement the etc_services table (#2595) 2016-10-06 14:06:44 -07:00
Mohamed El-Shahawi
c83afe01d6 Add virtual table: Windows etc_protocols (#2590) 2016-10-04 19:08:27 -07:00
Mohamed El-Shahawi
c446746a3a Add virtual table os_version for windows (#2586) 2016-10-03 12:06:05 -07:00
lambda-conjecture
e33002e922 Change memory_info fields to BIGINT to handle 4G and larger sizes (#2584) 2016-10-02 18:12:35 -07:00
Teddy Reed
b895c6a988 Reduce several INFO logs to VLOGs and increase size-INTEGERs to BIGINT (#2559) 2016-09-28 12:38:35 -07:00
Michael McGrew
0473043c3a Rename programs table to correct file name (#2537) 2016-09-27 14:41:24 -07:00
Nick Anderson
3a351ebf43 Adding windows system_info virtual table (#2521) 2016-09-26 11:08:57 -07:00
Nick Anderson
8fd1ba9004 Adding the windows users virtual table (#2506) 2016-09-24 18:18:40 -07:00
Nick Anderson
e167619bfa Adding kernel panics table (#2488) 2016-09-23 19:04:50 -07:00
Teddy Reed
bcd90070ae Remove time-override for events add API (#2508) 
This will remove the use of current time for syslog.time and introduce
a new column called 'datetime'.

Events now uses an "optimize_id" alongside "optimize" to prevent returning
colliding events added within the same second as the previous genTable call.
 2016-09-23 16:46:02 -07:00
Michael McGrew
30c17885ad New windows tables (#2451) 2016-09-23 14:33:44 -07:00
Zachary Wasserman
9701c55d96 Add active column to osquery_packs table (#2475) 2016-09-19 13:00:11 -07:00
Teddy Reed
df1e3b9481 Add make fuzz (#2458) 2016-09-13 20:37:31 -07:00
Teddy Reed
c7ee4f9ca4 Add librpm build and RPM tables (#2456) 2016-09-12 22:43:36 -07:00
Teddy Reed
65dd56e113 Introduce table 'attributes' (#2431) 2016-08-31 15:32:20 -07:00
Teddy Reed
05a795d80a Count subscriber events correctly in osquery_events (#2419) 
This also changes the osquery_events API by renaming restarts to refreshes.
 2016-08-29 06:57:24 -07:00
Teddy Reed
9824e6bd58 Rename phys_footprint to total_size and add threads (#2412) 2016-08-29 06:56:38 -07:00
Teddy Reed
89b1b6f3ff Fix Linux memory_map printing and use IOMEM instead (#2416) 2016-08-29 06:54:10 -07:00
Nick Anderson
e6d4f36ebb Adding etc_hosts virtual table to windows (#2381) 2016-08-24 17:02:14 +01:00
Michael McGrew
a14961d868 Minor fixes to cb_info table (#2399) 2016-08-22 23:29:22 +01:00
Michael McGrew
a0e83466d2 Add table for pulling back carbon black sensor info (#2377) 2016-08-16 21:56:29 -07:00
Nick Anderson
9786b0efed Adding the windows registry virtual table (#2356) 2016-08-16 12:37:53 -07:00
Teddy Reed
a227c0cf3b Fix dep_packages and apply to all Linux (#2373) 2016-08-15 22:11:01 -07:00
Teddy Reed
f88d404e6d Add 'type' to logged_in_users (#2343) 2016-08-12 22:09:57 -07:00
Teddy Reed
7c1ecc6871 Brew-based build redesign (#2251) 2016-07-31 11:32:31 -07:00
nerddotcat
e015c132f6 Added memory_info table for Linux (#2282) 2016-07-27 15:20:07 -07:00
Teddy Reed
6fc0ddb31d Add watcher column to osquery_info (#2261) 2016-07-21 13:07:24 -07:00
nerddotcat
ebf3ae378d added ssh_keys table for id_rsa files. (#2245) 2016-07-19 09:21:01 -07:00
artemdinaburg
bede048323 Merge posix/windows processes table into single entity (#2220) 2016-07-05 21:18:14 -07:00
artemdinaburg
d4a3fe2452 Windows Daemon/Shell: Initial support for Windows tables (#2182) 
Preparation for Windows Tables. We need a Windows process table so that the daemon will run
 2016-06-23 16:04:11 -07:00
Teddy Reed
866ff13fc3 Fix OS X kernel extension autoload (#2151) 2016-06-08 11:14:36 -07:00
Teddy Reed
91b34010df Allow table specs to use multiple row indexes (#2146) 2016-06-07 17:13:48 -07:00
Teddy Reed
763f4e9437 Use SQLite 3.14.0 to support LIKE and EQUALS (#2137) 
This commit bumps the third-party SQLite to the 3.14.0 pre-release (18:59).
With 3.14.0 the LIKE and EQUALS constraint operators may be mixed within a
query. Previously these would fail to produce a valid set.

As part of the support, each virtual table should choose to bypass rowid-based
deduplication using the new "WITHOUT ROWID" create table epilog. This will
be appended to the schema if the table defines a PRIMARY KEY using index=True.
 2016-06-06 09:36:53 -07:00
Teddy Reed
9d53a1c148 Rename time and environment columns for process_events (#2096) 2016-05-19 14:41:03 -07:00
Teddy Reed
c4acfe89e5 Introduce table aliases (#2104) 2016-05-19 09:40:43 -07:00
Teddy Reed
b28c4d8d0f Introduce table options (#2101) 
Table options includes a change to the Registry::call API for TablePlugins.
When requesting route information or the 'columns' action, a new 'op' key is included.
 2016-05-18 12:23:52 -07:00
Teddy Reed
9c01d4a6e3 Add quicklook_cache to Darwin (#2099) 2016-05-13 23:49:10 -07:00