valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 02:18:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
40056d3d25
osquery-1/specs/windows/registry.table

17 lines
831 B
Plaintext
Executable File
Raw Blame History

table_name("registry")
description("All of the Windows registry hives.")
schema([
Column("key", TEXT, "Name of the key to search for", additional=True),
Column("path", TEXT, "Full path to the value", index=True),
Column("name", TEXT, "Name of the registry value entry"),
Column("type", TEXT, "Type of the registry value, or 'subkey' if item is a subkey"),
Column("data", TEXT, "Data content of registry value"),
Column("mtime", BIGINT, "timestamp of the most recent registry write"),
])
implementation("system/windows/registry@genRegistry")
examples([
"select * from registry",
"select * from registry where key like 'HKEY_USERS\\%\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run%'",
"select * from registry where path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run'",
])
Reference in New Issue View Git Blame Copy Permalink