valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-07 09:58:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,202 Commits 2 Branches 109 Tags 25 MiB
99c8debe4f
Commit Graph

4202 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nick Anderson
99c8debe4f
deployment: adding default path for Windows packs to example conf (#4159) 2018-02-27 12:22:55 -08:00
Julien
1d96ac1f2c packs: adding platform tag incident-response pack (#4155) 2018-02-26 21:06:44 -08:00
Mitchell Grenier
dad25b89a9
Adding symlink loop detection to globbing (#4129) 2018-02-22 11:57:46 -08:00
Teddy Reed
9f08f0b957
logger: Add check to prevent C++ extensions from using glog (#4147) 2018-02-22 11:53:52 -08:00
Teddy Reed
2c682ee0ce
docs: Fix new table example and add leaks check (#4141) 2018-02-21 17:58:36 -08:00
Teddy Reed
65a85799f5
extensions: Allow option accesses in extensions (#4142) 2018-02-21 17:52:35 -08:00
Alessandro Gario
abfcaf0d0e List all sockets (host and containers) in process_open_sockets (#4024) 2018-02-22 00:36:51 +00:00
Nick Anderson
57e8e123a1
[fix #4140] Removing WEL logger plugin from systemLog due to duplicate linkage (#4143) 2018-02-20 21:30:54 -08:00
TacoRocket
a666d83164 Updated the windows package build script to be clearer on help and usage. Included the proper Get-Help function included in Windows to display help. Changed help from bool to switch where simply typing -h or -help will display the Get-Help information. Included aliases for the script parameters to help those who like to write options certain ways. Also included parameters names that were clearer to identify but the old parameter names are included as aliases. Both will work if identified so no workflow changes should occur. By default will still build chocolatey (#4117) 2018-02-18 12:12:58 -08:00
Mitchell Grenier
94b48ea87f
Fix JSON output from --json (#4134) 2018-02-16 15:41:44 -08:00
Nick Anderson
f89392bdb4
extensions: adding autoloading python extensions for Windows (#4096) 2018-02-16 13:56:38 -08:00
Mitchell Grenier
21049a26d2
Fix issue [#4123] MSVC Permissive Error (#4131) 2018-02-16 12:57:47 -08:00
Chris Long
e421c398a5 docs: Updating build docs to include make packages (#4068) 2018-02-11 01:58:35 -08:00
uptycs-nishant
c475fe880b TLS session reuse support (#3948) 2018-02-11 01:48:24 -08:00
Mitchell Grenier
3f7dda4475 Fix RapidJSON error asserting in configuration (#4086) 2018-02-11 01:16:38 -08:00
Teddy Reed
6f20eced93
thrift: Optionally build and link with fbthrift (#4105) 2018-02-10 23:37:15 -08:00
packetzero
d058e19345 darwin: Separate IOKit routines from IOKit event support (#4087) 2018-02-09 17:07:53 +00:00
James Jerger
6c3e90e170 Add bitlocker_info to Windows (#4113) 2018-02-09 17:06:32 +00:00
Nick Anderson
290f326957
[Fix 4097] Derive Windows groups for internationalization in MSI (#4112) 2018-02-07 22:28:19 -08:00
Nick Anderson
596d99c205
readme: fixing link to logo image (#4114) 2018-02-07 16:14:17 -08:00
Javier Marcos
ef7130b49f bug: Fix for sslv3 handshake failure in the file carver (#4109) 2018-02-07 12:24:57 -08:00
Nick Anderson
7d7ed9de61
tests: removing username test in favor of status check (#4090) 2018-02-07 10:41:37 -08:00
Seshu Pasam
0dc59b8d2d Remove duplicate mode column in device_nodes query (#4107) 2018-02-07 10:40:17 -08:00
Teddy Reed
bf2b464301 packages: Install osqueryi as a symlink (#4074) 2018-01-31 19:59:00 -08:00
Filipe Manco
766634aa83
Add parent PID on process_events from openbsm (#4091) 
* openbsm_events: Fix using wrong union element

* darwin: use macros to identify audit events

* darwin: Add parent info to proc events [1/3]

Rename subscriber class to a more generic name in preparation to make it
handling multiple process related events.

* darwin: Add parent info to proc events [2/3]

Refactor exec event handling into its own function in preparation to
make it handling multiple process related events.

* darwin: Add parent info to proc events [3/3]

Capture fork events to construct a map of parent child relationships. On
a exec look at the map to get the parent information. Use exit events to
garbage collect the map.
 2018-01-31 15:20:43 +00:00
Mike Arpaia
1c387b8abb Use schema branch of website instead of master for raw data (#4082) 2018-01-25 08:09:36 -08:00
Mike Arpaia
03b3044c3e Tools to generate table and package JSON for the new website (#4077) 2018-01-25 08:09:11 -08:00
Nick Anderson
825d850a15
site: updating website with links for windows msi (#4078) 2018-01-23 17:27:49 -08:00
Nick Anderson
d3a847ab02
deploy: fixing error and warning with windows msi package (#4079) 2018-01-23 17:27:24 -08:00
Teddy Reed
3decac948e
tables: Remove ptree from table plugins (#4075) 2018-01-21 05:11:42 -05:00
Teddy Reed
967910c6bf
deps: Use librpm 4.14.1 without beecrypt (#4073) 2018-01-21 01:56:11 -05:00
Teddy Reed
483fbbb594
query: Force query results into proper order (#2947) 2018-01-21 01:20:48 -05:00
Teddy Reed
90a737ead7
Replace most of boost::property_tree with rapidjson (#3910) 2018-01-20 20:58:01 -05:00
Teddy Reed
fad4a748c0
tables: Add cpu_microcode to system_info (#4028) 2018-01-20 20:24:09 -05:00
Alessandro Gario
44e03bada9 process_file_events: Add fields euid and egid and cleanup logs 2018-01-15 20:19:05 -08:00
Alessandro Gario
02caa95774 audit: Rename audit_fim_events to process_file_events 2018-01-15 20:12:58 -08:00
Alessandro Gario
4a478f1ea1 audit: Ignore operations on PF_NETLINK sockets 2018-01-15 20:10:50 -08:00
Alessandro Gario
8829c9f0de audit: Improve responsiveness when terminating and set name 2018-01-15 20:06:52 -08:00
Alessandro Gario
d72779c784 Update column names, add switch to clear Audit config on startup (#3611) 2018-01-15 20:02:27 -08:00
Alessandro Gario
9c0bd4abfb audit-based file integrity monitoring (#3492) 2018-01-15 19:57:50 -08:00
Teddy Reed
597b60d5eb
website: Upload dark version of logo for README (#4065) 2018-01-15 12:50:51 -05:00
Teddy Reed
e8c0601ffe
tables: Parse interface flags from sysfs on Linux (#4063) 2018-01-15 00:05:08 -05:00
Teddy Reed
181d2f9dbc
build: Fix OSQUERY_BUILD_SHARED linkage (#4062) 2018-01-14 23:08:36 -05:00
Teddy Reed
3591d221e8
tables: Add pcid to cpuid table (#4061) 2018-01-14 22:24:30 -05:00
Teddy Reed
193de0c818
deps: Improve native (non-deps) builds (#4060) 2018-01-14 20:14:40 -05:00
Teddy Reed
82235e3c13
deps: Build linenoise locally (third-party) (#4058) 2018-01-14 16:31:41 -05:00
Teddy Reed
8272c028dd
macOS: Link with no-weak-imports (#4056) 2018-01-12 20:34:45 -05:00
Doug Wilson
bf0eb6f36f added IOCs to query for OSX_MaMi malware (#4055) 2018-01-12 20:34:31 -05:00
Teddy Reed
541f28d397
deps: Build librdkafka 0.11.3 without clock_gettime (#4054) 2018-01-12 17:29:17 -05:00
Teddy Reed
adad4ee8de
build: Set default macOS SDK to 10.11 (#4053) 2018-01-12 17:28:43 -05:00