mirror of
https://github.com/valitydev/osquery-1.git
synced 2024-11-07 09:58:54 +00:00
17 lines
739 B
Plaintext
17 lines
739 B
Plaintext
table_name("yara_events")
|
|
description("Track YARA matches for files specified in configuration data.")
|
|
schema([
|
|
Column("target_path", TEXT, "The path scanned"),
|
|
Column("category", TEXT, "The category of the file"),
|
|
Column("action", TEXT, "Change action (UPDATE, REMOVE, etc)"),
|
|
Column("transaction_id", BIGINT, "ID used during bulk update"),
|
|
Column("matches", TEXT, "List of YARA matches"),
|
|
Column("count", INTEGER, "Number of YARA matches"),
|
|
Column("strings", TEXT, "Matching strings"),
|
|
Column("tags", TEXT, "Matching tags"),
|
|
Column("time", BIGINT, "Time of the scan"),
|
|
Column("eid", TEXT, "Event ID", hidden=True),
|
|
])
|
|
attributes(event_subscriber=True)
|
|
implementation("yara@yara_events::genTable")
|