mirror of
https://github.com/valitydev/osquery-1.git
synced 2024-11-07 01:55:20 +00:00
15 lines
694 B
Plaintext
15 lines
694 B
Plaintext
table_name("file_events")
|
|
description("Track time/action changes to files specified in configuration data.")
|
|
schema([
|
|
Column("target_path", TEXT, "The path changed"),
|
|
Column("category", TEXT, "The category of the file"),
|
|
Column("action", TEXT, "Change action (UPDATE, REMOVE, etc)"),
|
|
Column("transaction_id", BIGINT, "ID used during bulk update"),
|
|
Column("md5", TEXT, "The MD5 of the file after change"),
|
|
Column("sha1", TEXT, "The SHA1 of the file after change"),
|
|
Column("sha256", TEXT, "The SHA256 of the file after change"),
|
|
Column("time", BIGINT, "Time of file event"),
|
|
])
|
|
attributes(event_subscriber=True)
|
|
implementation("file_events@file_events::genTable")
|