valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-07 09:58:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
5,569 Commits 2 Branches 109 Tags 25 MiB
6c98ab3ade
Commit Graph

121 Commits

Author SHA1 Message Date
Animesh Tewari
dcf72523f7
curl_certificate test (#5281) 2020-07-26 16:38:59 -04:00
Animesh Tewari
6101a0aee5
Fix #5737: Add FileVersionRaw column to file table for windows (#5771) 2020-07-26 16:37:49 -04:00
kumarak
2aa313db40
Enable yara table on windows (#6564) 2020-07-23 21:16:10 -04:00
seph
32cafe518c
Light refactor on users & groups (#5686) 
This does a little refactoring on the users and groups tables, and adds test cases for more those tables.
 2020-07-23 01:38:19 -04:00
Rachel Cipkins
6096347c6b
Add startup_items table for linux (#6502) 2020-07-20 21:52:43 -04:00
puffyCid
336e6b075f
Shimcache Table (#6463) 2020-07-12 21:54:37 -04:00
Ted Reed
5cd2d6cbd3 detangle: Move platform setup and teardown out of Initializer 2020-07-09 10:38:53 -04:00
Ted Reed
89953d3340 detangle: Move start time getter and setter out of Config 2020-07-09 10:38:53 -04:00
Ted Reed
3fbe55a108 detangle: Move tooltype setter and getters out of Initializer 2020-07-09 10:38:53 -04:00
Teddy Reed
6710dbd5a6
build: Add Azure tables to specs CMakeLists (#6507) 2020-06-25 09:10:17 -04:00
Teddy Reed
8310159a7a
tests: Fix atom_packages, processes, rpm_packages flakiness (#6518) 2020-06-24 08:21:23 -04:00
James Jerger
d09ad2b1d7
Add support for basic chassis information (#5282) 2020-06-10 17:28:21 -04:00
Stefano Bonicatti
411556b9a5
Make file and hash container columns hidden (#6486) 
This is for consistency with the decisions taken
for PR osquery/osquery#6413 and osquery/osquery#6414.

We also update the integration test helper to accept custom constraints,
in the case the table has required columns.
 2020-06-06 21:26:44 -04:00
Stefano Bonicatti
2085b175e1
Add validate_container_rows helper for integration tests (#6485) 
This simple helper takes a table name and
an already prepared rows map to add the container
columns, which are normally hidden, and call validate_rows on it.

We use this function in deb_packages, rpm_packages, npm_packages,
os_version integration tests.
 2020-06-05 21:22:44 -04:00
Zachary Wasserman
4e1d31c72a
Use 'denylist' instead of 'blacklist' in query scheduling (#6487) 2020-06-05 21:05:59 -04:00
Stefano Bonicatti
e2d885b335
Add container access to the os_version table (#6413) 
* Add container access to the os_version table

* Change new container columns to hidden
 2020-06-05 20:22:34 +02:00
Stefano Bonicatti
dba5f1464e
Add container access to DEB, RPM, NPM packages tables (#6414) 
* Add container access to DEB, RPM, NPM packages tables

* Change new container columns to hidden
 2020-06-05 20:22:03 +02:00
Oleg Dolgov
2bf31f3311
build sleuthkit under windows (#6445) 2020-05-25 12:17:11 -04:00
Stefano Bonicatti
baa8ebe885
Add 'maintainer', 'section', 'priority' columns to deb_packages (#6442) 2020-05-20 20:55:40 -04:00
Stefano Bonicatti
9373b30375
Add 'vendor', 'package_group' columns to rpm_packages (#6443) 2020-05-20 20:54:53 -04:00
Stefano Bonicatti
a5104a43bf
Add 'arch' column to os_version (#6444) 2020-05-20 20:53:24 -04:00
Stefano Bonicatti
fd7cfbd4eb Add container access to the hash table 
PR: osquery/osquery#6209
 2020-04-20 17:49:57 +02:00
Stefano Bonicatti
d2c93001f3 Add container access to the file table 
PR: osquery/osquery#6209
 2020-04-20 17:49:57 +02:00
Rich
a851d8531c
system_info table: add "board_" columns like "hardware_" (#6398) 2020-04-18 07:43:25 -04:00
Stefano Bonicatti
62f99383ca
Fix Userassist.test_sanity test sometimes failing (#6396) 
The specific key the test checks for its existence,
which is Microsoft.Windows.Explorer,
might not be always present.
Use UEME_CTLSESSION key which should be always present since
it generically represents the start of a session.
 2020-04-16 22:25:58 -04:00
Zachary Wasserman
4e17ede558
Build hvci_status table with CMake (#6378) 
Build hvci_status table with CMake
 2020-04-09 13:03:41 -04:00
Stefano Bonicatti
52f310a5a8
First steps to remove the Buck build system (#6361) 
* First steps to remove the Buck build system

* Azure Pipelines: Rename jobs for consistency
 2020-04-09 01:56:21 +02:00
Robbie Ostrow
3486bf3a67
add status column to deb_packages table (#6341) 2020-03-31 09:32:25 -04:00
outSH
b428e4ea55
[Table sanity check] disk_info (#6323) 2020-03-29 13:26:23 -04:00
puffyCid
d974bb34f0
Add UserAssist table (#5539) 2020-03-29 13:25:26 -04:00
Stefano Bonicatti
8b8462d021
Fix chromeExtensions.test_sanity failure (#6324) 
Removed the columns "script" and "match" from the test
since they do not belong to the chrome_extensions table,
they belong to chrome_extension_content_scripts.

Added the missing integration test for the table
chrome_extension_content_scripts.
 2020-03-26 20:23:12 -04:00
Ateeq Sharfuddin
b63dc57e24
fix: on Windows use UTF-8 strings instead of system default locale strings (#6190) 2020-02-28 11:12:22 -05:00
Rachel Cipkins
3de799ef07
Support for "matches" and "js" keys from "content_scripts" in the chrome_extensions table (#6140) 
Co-authored-by: William Woodruff <william@yossarian.net>
 2020-02-21 18:13:41 -05:00
puffyCid
c722c68478
Expand SSH tables to support Windows (#6161) 2020-02-05 15:13:55 -05:00
Fritz
713c93fa29
Add Windows support to firefox_addons table (#6200) 2020-02-05 15:11:08 -05:00
Stefano Bonicatti
d0b42a98e2
Fix all TLS tests and framework (#6170) 2020-02-03 07:50:25 -08:00
Brad Thompson
0b2aa61a7d Create HVCI table for Windows Device Guard (#5426) 2020-01-23 20:57:03 -08:00
Teddy Reed
b1a55c31ea
tests: Improve hash table integration tests (#6184) 
Co-Authored-By: Ryan Wilson <ryantimwilson@fb.com>
 2020-01-18 15:38:32 -05:00
scoders-tob
b150367967 Adding process_open_pipes table (#6142) 2020-01-16 20:55:48 -05:00
João Godinho
a6ffa37c6c Add missing validation to fix last table (#6147) 
* Fix: Allow `DEAD_PROCESS` in `last` table

* Test: Add test for `last` table
 2020-01-15 00:50:44 +01:00
scoders-tob
6c9f8e30b0 adding docker image layers table (#6154) 2020-01-12 01:43:28 -05:00
Rachel Cipkins
3f632aaea2 Added tests for chrome_extensions table. (#6126) 2019-12-13 19:03:20 -05:00
seph
eb2ebd65b3 Enable more column validation on integration tests (#6106) 
Co-Authored-By: Teddy Reed <teddy@casualhacking.io>
 2019-12-12 20:45:55 -05:00
seph
a73ffad3bf tables: Add constraints and testing (#6105) 
Co-Authored-By: Teddy Reed <teddy@casualhacking.io>
 2019-12-12 20:45:15 -05:00
Rachel Cipkins
df20cb120a Added Brave/Chromium support for chrome_extensions (#6088) 2019-12-12 20:39:31 -05:00
Teddy Reed
6cf169c6d8
tables: Fix mdfind table by requiring query (#6103) 2019-12-06 10:11:51 -05:00
Garret Reece
5c3a4636ec macOS: Add a bsd_flags column to the file table (#5981) 2019-12-03 18:40:42 -08:00
Teddy Reed
b170a517b5
tables: Fix apt_sources and refactor tests (#6047) 2019-11-19 08:56:18 -05:00
Teddy Reed
19d4e3fc78
docs: Remove references to old osquery kernel extension (#6051) 2019-11-19 00:23:47 -05:00
Teddy Reed
2d4308b284 tables: Improve integration test debugging and fix deb_packages (#6045) 2019-11-18 20:43:18 -08:00