# osquery table spec for the `groups` table (local system groups).
# The spec only declares columns and example queries; rows come from the
# implementation named further down ("groups@genGroups").
table_name("groups")
description("Local system groups.")

# Columns available on every platform.
schema([
    # index=True flags gid as an indexed column.
    # NOTE(review): presumably this lets `where gid = N` be handed to the
    # implementation as a constraint -- confirm against the table generator.
    Column(
        "gid",
        BIGINT,
        "Unsigned int64 group ID",
        index=True,
    ),
    # The same ID exposed as a signed value. On Windows the two columns always
    # match (see the notes in examples below).
    # NOTE(review): on other platforms a large unsigned gid would presumably
    # show up negative here -- confirm against genGroups before alerting on it.
    Column(
        "gid_signed",
        BIGINT,
        "A signed int64 version of gid",
    ),
    Column(
        "groupname",
        TEXT,
        "Canonical local group name",
    ),
])

# Windows-only columns.
# On Windows "gid" holds the relative ID (RID), which is only one component of
# a SID; queries that need the group's full identity should read group_sid.
extended_schema(WINDOWS, [
    Column(
        "group_sid",
        TEXT,
        "Unique group ID",
        index=True,
    ),
    Column(
        "comment",
        TEXT,
        "Remarks or comments associated with the group",
    ),
])

# macOS-only column, taken from the OpenDirectory IsHidden attribute.
# NOTE(review): the value encoding (0/1?) is not visible in this spec.
extended_schema(DARWIN, [
    Column(
        "is_hidden",
        INTEGER,
        "IsHidden attribute set in OpenDirectory",
    ),
])

implementation("groups@genGroups")

examples([
    # Look up a single group by ID, using the indexed gid column.
    "select * from groups where gid = 0",
    # Disabled example: joining groups with user_groups is not JOIN optimized.
    #"select g.groupname, ug.uid from groups g, user_groups ug where g.gid = ug.gid",
    # On Windows, osquery reports the relative group ID (RID) as "gid",
    # and "gid" and "gid_signed" are always the same there.
])