3e1dd14d8d
Right now, there is no way to tell what platform osquery is running on. We have `os_version.platform` and `os_version.platform_like`, but they are highly inconsistent, and require a lot of custom parsing to use. We should expose the underlying platform bitmask. This adds the `platform_mask` to the `osquery_info` table. This replaces https://github.com/osquery/osquery/pull/5488
# Table spec for `osquery_info`: a single place to read facts about the
# running osquery process itself (identity, version, config state, build
# details and start time).
table_name("osquery_info")
description("Top level information about the running version of osquery.")

schema([
    # --- Process and instance identity ---
    Column("pid", INTEGER, "Process (or thread/handle) ID"),
    Column("uuid", TEXT, "Unique ID provided by the system"),
    Column("instance_id", TEXT, "Unique, long-lived ID per instance of osquery"),
    Column("version", TEXT, "osquery toolkit version"),

    # --- Configuration state ---
    # Comparing config_hash and config_valid across hosts is a cheap way to
    # notice an agent running a stale, unexpected or rejected configuration.
    Column("config_hash", TEXT, "Hash of the working configuration state"),
    Column("config_valid", INTEGER, "1 if the config was loaded and considered valid, else 0"),
    Column("extensions", TEXT, "osquery extensions status"),

    # --- Build provenance ---
    Column("build_platform", TEXT, "osquery toolkit build platform"),
    Column("build_distro", TEXT, "osquery toolkit platform distribution name (os version)"),

    # --- Runtime ---
    Column("start_time", INTEGER, "UNIX time in seconds when the process started"),
    Column("watcher", INTEGER, "Process (or thread/handle) ID of optional watcher process"),

    # Raw platform bitmask as an integer, so a query can test platform bits
    # instead of parsing free-form platform strings from other tables.
    # NOTE(review): the meaning of each bit is defined outside this spec;
    # document or link the bit values for query authors.
    Column("platform_mask", INTEGER, "The osquery platform bitmask"),
])

# NOTE(review): `utility=True` presumably marks a table that describes
# osquery itself rather than the host -- confirm against the spec loader.
attributes(utility=True)

# Names the generator that produces the rows; the string looks like
# "<namespace>@<function>" -- verify the exact convention.
implementation("osquery@genOsqueryInfo")