valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-07 01:55:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
637eb104b8
osquery-1/specs/windows/logon_sessions.table
George Guliashvili 971bee4441 Move build system to BUCK 
fbshipit-source-id: 8ffef5e6a393ac67ce56dcb74845402e43d964a0
2018-12-07 16:12:35 +00:00

24 lines
1.5 KiB
Plaintext
Raw Blame History

table_name("logon_sessions")
description("Windows Logon Session.")
schema([
Column("logon_id", INTEGER, "A locally unique identifier (LUID) that identifies a logon session.", index=True),
Column("user", TEXT, "The account name of the security principal that owns the logon session."),
Column("logon_domain", TEXT, "The name of the domain used to authenticate the owner of the logon session."),
Column("authentication_package", TEXT, "The authentication package used to authenticate the owner of the logon session."),
Column("logon_type", TEXT, "The logon method."),
Column("session_id", INTEGER, "The Terminal Services session identifier."),
Column("logon_sid", TEXT, "The user's security identifier (SID)."),
Column("logon_time", BIGINT, "The time the session owner logged on."),
Column("logon_server", TEXT, "The name of the server used to authenticate the owner of the logon session."),
Column("dns_domain_name", TEXT, "The DNS name for the owner of the logon session."),
Column("upn", TEXT, "The user principal name (UPN) for the owner of the logon session."),
Column("logon_script", TEXT, "The script used for logging on."),
Column("profile_path", TEXT, "The home directory for the logon session."),
Column("home_directory", TEXT, "The home directory for the logon session."),
Column("home_directory_drive", TEXT, "The drive location of the home directory of the logon session.")
])
implementation("logon_sessions@queryLogonSessions")
examples([
"select * from logon_sessions;"
])
Reference in New Issue View Git Blame Copy Permalink