| Author | Commit | Message | Date |
|---|---|---|---|
| James Jerger | 6c3e90e170 | Add bitlocker_info to Windows (#4113) | 2018-02-09 17:06:32 +00:00 |
| Teddy Reed | fad4a748c0 | tables: Add cpu_microcode to system_info (#4028) | 2018-01-20 20:24:09 -05:00 |
| Alessandro Gario | 44e03bada9 | process_file_events: Add fields euid and egid and cleanup logs | 2018-01-15 20:19:05 -08:00 |
| Alessandro Gario | 02caa95774 | audit: Rename audit_fim_events to process_file_events | 2018-01-15 20:12:58 -08:00 |
| Alessandro Gario | d72779c784 | Update column names, add switch to clear Audit config on startup (#3611) | 2018-01-15 20:02:27 -08:00 |
| Alessandro Gario | 9c0bd4abfb | audit-based file integrity monitoring (#3492) | 2018-01-15 19:57:50 -08:00 |
| Nick Anderson | d73222326f | tables: updating row description for kva_speculative_info (#4044) | 2018-01-09 11:43:19 -08:00 |
| Teddy Reed | de19f0b6c2 | tables: Replace apt_sources with crude string parsing (#4034) | 2018-01-07 00:26:27 -08:00 |
| Nick Anderson | 85133d8ad0 | tables: adding windows table for KVA and speculative exec info (#4027) | 2018-01-05 10:53:02 -08:00 |
| Dave Kukfa | 6ddbdc0fea | tables: Implemented Windows crashes table (#3696) | 2017-12-28 21:09:10 -08:00 |
| Teddy Reed | 33ab8b6e5d | config: Inspect blacklisted queries (#4004) | 2017-12-17 19:25:42 -08:00 |
| Reed Loden | 6b6723110f | tables: Add linux shadow table (#3902) | 2017-11-28 00:51:44 -08:00 |
| Mike Myers | b79c0e2621 | Local Groups table for Windows (#3855) | 2017-11-27 23:51:47 -08:00 |
| Nick Anderson | 6068d61068 | tables: adding intel_me_info virtual table on Windows (#3960) | 2017-11-27 11:26:08 -08:00 |
| Teddy Reed | 1cedf8d573 | tables: Add basic Intel ME table returning version (#3956) | 2017-11-22 00:39:18 -08:00 |
| Mitchell Grenier | a73233263b | Renaming the key_events table to user_interaction_events and adding mouse down (#3951) | 2017-11-21 23:43:52 -08:00 |
| Nick Anderson | 1239c8ccc5 | tables: expanding windows programs table to encompass apps without GUID (#3945) | 2017-11-20 08:21:21 -08:00 |
| Nick Anderson | 3d7f7cf037 | tables: adding type column to users table to differentiate local users (#3946) | 2017-11-20 08:21:06 -08:00 |
| Babatunde Micheal Okutubo | 9fd2be038c | Virtual table: Iptables port feature #3621 (#3897) | 2017-11-08 18:02:44 -08:00 |
| Teddy Reed | 5245f7bcf3 | tables: Refactor ssl_cert into curl_certificate (#3903) | 2017-11-01 07:30:22 -07:00 |
| Teddy Reed | 8597db5f11 | tables: Move the curl table to all platforms (#3904) | 2017-10-31 23:44:46 -07:00 |
| Nick Anderson | 573cf5fc11 | tables: porting the ssl cert to Windows (#3894) | 2017-10-30 22:46:45 -07:00 |
| Nick Anderson | b1355c4441 | tables: Adding a Named Pipes table for Windows (#3893) | 2017-10-30 22:46:28 -07:00 |
| Babatunde Micheal Okutubo | ff1ae545e8 | tables: SSL cert table for posix #3811 (#3839) | 2017-10-28 13:28:17 -07:00 |
| Nick Anderson | 45bafdbe51 | tables: adding windows physical disk perfmon table (#3865) | 2017-10-22 13:56:54 -07:00 |
| Samuel Keeley | 58af0b7477 | Add version to usb_devices table (#3840) | 2017-10-17 07:59:56 -07:00 |
| Mitchell Grenier | cd88cecc9a | Publisher and Table for Event Tap Capture (KeyDown) (#3829) | 2017-10-16 13:07:24 -07:00 |
| Alessandro Gario | e888f3e8e8 | tables: Authenticode verification support for Windows (#3716) | 2017-10-14 00:09:27 -07:00 |
| uptycs-nishant | d2576e576b | [Fix #3699] Reporting mode as octal string (#3825) | 2017-10-13 21:26:07 -07:00 |
| Garret Reece | 0615372d02 | Implement a logical_drives table for windows (#3818) | 2017-10-13 20:35:54 -07:00 |
| Teddy Reed | 0104cd1b76 | fuzz: Use example queries as input to make fuzz (#3795) | 2017-10-06 08:45:49 -07:00 |
| Jason Meller | 02bbd83ce3 | Add last_opened_time to apps table (#3715) | 2017-09-21 19:18:35 -07:00 |
| Nick Anderson | 2520edca73 | tables: porting python_packages to Windows (#3702) | 2017-09-16 16:40:43 -07:00 |
| Nick Anderson | fa78d5db01 | [Fix #3683] Setting interface id for interface_addresses (#3684) | 2017-09-13 16:30:30 -07:00 |
| Teddy Reed | 812dbc5080 | [Fix #2400] Use PackageKit to enumerate packages (#3685) | 2017-09-12 21:59:55 -07:00 |
| Teddy Reed | 83f8a4e92c | preferences: Report both Current Host and Any Host (#3681) | 2017-09-12 21:57:50 -07:00 |
| Teddy Reed | 8dc4268761 | kernel: Disable kernel support by default (#3672) | 2017-09-09 16:48:39 -07:00 |
| Atyansh Jaiswal | 68b1de153d | tables: Adding posix curl virtual table (#3596) | 2017-08-30 15:24:05 -07:00 |
| Nick Anderson | 3c782051eb | tables: adding chocolatey packages virtual table (#3612) | 2017-08-27 11:21:04 -07:00 |
| Mike Myers | 906104564c | Add examples of Windows registry virtual table (#3597) | 2017-08-22 17:28:56 -07:00 |
| Nick Anderson | 8bb1e40d27 | tables: porting the process_memory_map table to windows (#3587) | 2017-08-21 21:47:45 -07:00 |
| Nick Anderson | b42b3d677e | tables: adding scheduled action to windows scheduled tasks table (#3543) | 2017-08-09 09:54:39 -07:00 |
| Thomas Maurice | a41ff4117f | linux usb_devices: add the class, subclass and protocol information (#3542) | 2017-08-08 12:17:29 -07:00 |
| Vishwa Shah | c54c6e6c0e | corrected size in block_devices on darwin, linux (#3539) | 2017-08-07 19:21:18 -07:00 |
| Mitchell Grenier | b22a403bf1 | OpenBSM Events (#3503) | 2017-08-07 16:02:16 -07:00 |
| Nick Anderson | b4316a57a0 | tables: Adding certificates virtual table for windows (#3498) | 2017-08-07 09:08:53 -07:00 |
| Seshu Pasam | 32ad42aea0 | EC2 instance metadata implementation. (#3502) | 2017-08-03 17:54:17 -07:00 |
| Teddy Reed | 7ca18f5a32 | audit: Add cwd to process_events on Linux (#3525) | 2017-08-03 08:21:15 -07:00 |
| Seshu Pasam | 6495f14828 | EC2 instance tags implementation. (#3507) | 2017-08-02 13:40:59 -07:00 |
| Teddy Reed | 0b0c5febd1 | tables: Add device_firmware to darwin (#3499) | 2017-08-02 09:48:09 -07:00 |
| Jason Meller | 8ba9a54daa | tables: Implement sharing_preferences table for Darwin (#3509) | 2017-08-02 09:30:35 -07:00 |
| Jason Meller | c4010bd306 | tables: Implement shared folders table for Darwin (#3510) | 2017-08-01 20:33:57 -07:00 |
| Jason Meller | b9fbf583d0 | Darwin: Add gatekeeper tables (#3461) | 2017-07-27 10:51:31 -07:00 |
| Rohit Varkey Thankachan | 3cd26ac48c | Add collisions to the interface_details table (#3491) | 2017-07-24 13:51:50 -07:00 |
| Teddy Reed | a9799a9426 | Allow caching for tables with indexes and additionals (#3472) | 2017-07-18 00:08:38 -07:00 |
| Teddy Reed | dacfbd4584 | Separate preferences from plist and add user-concept (#3455) | 2017-07-02 18:28:59 -07:00 |
| Teddy Reed | 99675fdbb2 | audit: Increase speed when using socket_events (#3449) | 2017-07-02 17:18:40 -07:00 |
| ryanheffernan | cf50143e69 | Adding autoexec table for Windows (#3444) | 2017-06-27 13:48:21 -07:00 |
| ryanheffernan | 80acd105f5 | IE Extensions table for Windows - Browser Helper Objects (#3436) | 2017-06-27 10:50:36 -07:00 |
| Teddy Reed | 617314c7df | tables: Add flags to interface_details (#3439) | 2017-06-25 14:12:01 -07:00 |
| Allan Liu | 256d113a74 | Linux software RAID table (#3304) | 2017-06-21 21:58:37 -07:00 |
| Teddy Reed | c81c815f75 | tables: Add symlink column to file table (#3390) | 2017-06-18 14:42:40 -07:00 |
| Rohit Varkey Thankachan | 6b211a19ad | cpu_time on macos (#3392) | 2017-06-18 14:28:07 -07:00 |
| Teddy Reed | dae221e331 | virtual tables: Allow tables to use an 'extended' schema (#3416) | 2017-06-18 14:27:18 -07:00 |
| Teddy Reed | 4f7abe963d | Allow up to 64k rpm_package_files (#3402) | 2017-06-13 13:22:55 -07:00 |
| Rohit Varkey Thankachan | dfb6d84112 | Load Averages on POSIX systems using getloadavg (#3396) | 2017-06-10 15:25:20 -07:00 |
| ryanheffernan | 80aaed8b05 | [Fix #3313] Adding driver version + adding malloc/pointer safety to drivers table (#3319) | 2017-06-05 09:06:49 -07:00 |
| Mitchell Grenier | 739d910a2c | Fix #1546 Add local host name (#3370) | 2017-06-02 16:15:50 -07:00 |
| Rohit Varkey Thankachan | 081ea9e76d | Virtual memory statistics for darwin (#3368) | 2017-05-31 12:00:44 -07:00 |
| lxcode | 8b7b37bf4f | Add table for FreeBSD kernel modules. (#3328) | 2017-05-26 15:10:59 -07:00 |
| Teddy Reed | 9ba0edb4bb | darwin: Improve disk_events add detection (#3332) | 2017-05-26 10:38:26 -07:00 |
| Mitchell Grenier | 6065c26f1d | Make all descriptions use periods consistently. (#3324) | 2017-05-25 12:43:58 -07:00 |
| ryanheffernan | 05b7b80891 | Refactor Windows interface_addresses table to use win32 API and report accurate netmasks. (#3297) | 2017-05-23 14:58:11 -07:00 |
| Mitchell Grenier | 0f76810699 | Fix temperature sorting (#3308) | 2017-05-23 09:15:34 -07:00 |
| Seshu Pasam | 0cb7c3cc3e | Fix spec file names and added missing version in packs (#3289) | 2017-05-20 00:42:17 -07:00 |
| lxcode | 9b803d78d7 | FreeBSD: Fix os_version, add pkgng package table (#3278) | 2017-05-12 14:11:01 -07:00 |
| ryanheffernan | c279342226 | Allow querying Windows Registry by 'path' column (#3270) | 2017-05-11 10:29:59 -07:00 |
| Seshu Pasam | 4cfb31452c | Docker support (#3241) | 2017-05-05 09:53:12 -07:00 |
| Teddy Reed | 4372785d5d | Refactor build logic to allow optional: yara, tsk, lldpd (#3226) | 2017-04-28 13:45:41 -07:00 |
| ryanheffernan | 0458abc453 | Split Startup items 'path' column into 'path' and 'args' | 2017-04-27 23:56:08 -04:00 |
| lxcode | 03a9798b7e | FreeBSD: add functional routes.cpp, unblacklist modules (#3225) | 2017-04-27 16:34:31 -07:00 |
| Robin Breathe | cbc34c44fe | Darwin: Add channel column to wifi_status and wifi_survey tables (#3221) | 2017-04-26 14:41:24 -07:00 |
| Gregory Heimbuecher | c5fd96cdf3 | Fix #2838: Adds the event_taps table to Darwin (#3188) | 2017-04-21 15:55:12 -07:00 |
| Mitchell Grenier | d5f002d447 | Adding a table for Time Machine Backup Destinations (#3177) | 2017-04-20 19:15:29 -07:00 |
| Nick Anderson | 13524f8833 | Adding file carving feature to osquery (#3038) | 2017-04-20 19:00:26 -07:00 |
| Dan Sedlacek | 13aef1fb73 | Windows Network Routes (#3040) | 2017-04-19 20:03:20 -07:00 |
| Teddy Reed | 90078f15ea | events: Add hidden EID to all events tables (#3159) | 2017-04-14 08:20:20 -07:00 |
| Nick Anderson | 6a90db47be | Adding the Windows Scheduled Tasks virtual table (#3153) | 2017-04-13 07:53:49 -07:00 |
| Teddy Reed | b3ee6c9a8d | tables: Fix table metadata when constraints are used (#3151) | 2017-04-12 21:48:28 -07:00 |
| ryanheffernan | f32ceb306b | Adding Windows Startup Info Table (#3137) | 2017-04-05 15:14:28 -07:00 |
| ryanheffernan | da427ab6c0 | [Fix #3138] Adding index on 'key' column of Windows Registry table (#3139) | 2017-04-05 13:02:36 -06:00 |
| ryanheffernan | c91b905091 | Allowing OR clause in registry virtual table (#3136) | 2017-04-04 15:43:06 -07:00 |
| Teddy Reed | 7b6e4c7a27 | audit: Optimize user_events and add auid (#3120) | 2017-03-31 08:30:45 -07:00 |
| Rubab-Syed | 92e545e6bf | Python packages (#3089) | 2017-03-26 00:03:10 -07:00 |
| mnmnc | a63cf1344e | Minor description correction (#3096) | 2017-03-22 15:55:13 -07:00 |
| Teddy Reed | 69bb69fd6d | events: Inspect schedule and improve tests (#3087) | 2017-03-20 22:03:09 -07:00 |
| ryanheffernan | 5671bb720b | Refactoring Windows Registry table to be more like the file table (#3073) | 2017-03-17 12:47:11 -07:00 |
| Allan Liu | 0cf0c3b428 | lldp_neighbors: posix table spec and table implementation (#2957) | 2017-02-28 10:02:13 -08:00 |
| Allan Liu | 3c3d649b1e | Prometheus Metrics table (#2925) | 2017-02-26 21:59:51 -08:00 |
| Nick Anderson | e961fc850e | Adding the Windows event log publisher (#2937) | 2017-02-02 17:05:58 -08:00 |