valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 18:33:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
263090e8f2
osquery-1/specs/yara.table
Teddy Reed a105924804 Move specs to a top-level path, add query examples 
1. Example queries will run with an (optional) integration test.
2. Fix bad accesses with OS X package BOMs
3. Move spec files from ./osquery/tables/specs to ./specs
4. Remove server parsers (netlib) from client builds.
2015-06-03 10:39:05 -07:00

13 lines
458 B
Plaintext
Raw Blame History

table_name("yara")
description("Track YARA matches for files or PIDs.")
schema([
Column("path", TEXT, "The path scanned"),
Column("matches", TEXT, "List of YARA matches"),
Column("count", INTEGER, "Number of YARA matches"),
Column("sig_group", TEXT, "Signature group used"),
Column("sigfile", TEXT, "Signature file used"),
Column("pattern", TEXT, "A pattern which can be used to match file paths"),
])
implementation("yara@genYara")
Reference in New Issue View Git Blame Copy Permalink