osquery-1/specs
Teddy Reed b81b6de6ae This refactors a bit of config/packs and adds a socket_events table to Linux.
The refactor of config/packs was initiated because event subscribers needed
a method for toggling `::init` based on some configurable option. In the case
of auditd, turning on the support with `--disable_audit=false` used to start
auditing the EXECVE syscall. It was understandable that this would cause
latency based on the number of processes executing per measure of time.

A new `socket_events` table will do the same but for `bind` and `connect`. These
are less obvious and, for now, require a scan of /proc for socket tuples. In the
future this file descriptor to socket tuple will be faster.
2015-10-27 15:13:02 -07:00
..
centos Move specs to a top-level path, add query examples 2015-06-03 10:39:05 -07:00
darwin Update system_info table: adds CPU type, CPU cores and total memory. 2015-09-10 14:44:48 -07:00
linux This refactors a bit of config/packs and adds a socket_events table to Linux. 2015-10-27 15:13:02 -07:00
ubuntu Adding description to all the missing table fields 2015-07-15 23:23:42 -07:00
utility Remove boolean type-columns from file in favor of 'type' 2015-10-17 12:16:54 -07:00
acpi_tables.table Move specs to a top-level path, add query examples 2015-06-03 10:39:05 -07:00
arp_cache.table Move specs to a top-level path, add query examples 2015-06-03 10:39:05 -07:00
blacklist Move specs to a top-level path, add query examples 2015-06-03 10:39:05 -07:00
block_devices.table Adding description to all the missing table fields 2015-07-15 23:23:42 -07:00
chrome_extensions.table Adding description to all the missing table fields 2015-07-15 23:23:42 -07:00
cpuid.table Adding description to all the missing table fields 2015-07-15 23:23:42 -07:00
crontab.table Move specs to a top-level path, add query examples 2015-06-03 10:39:05 -07:00
disk_encryption.table Adding description to all the missing table fields 2015-07-15 23:23:42 -07:00
etc_hosts.table Adding description to all the missing table fields 2015-07-15 23:23:42 -07:00
etc_protocols.table Move specs to a top-level path, add query examples 2015-06-03 10:39:05 -07:00
etc_services.table Move specs to a top-level path, add query examples 2015-06-03 10:39:05 -07:00
example.table Move specs to a top-level path, add query examples 2015-06-03 10:39:05 -07:00
file_events.table [#1285, #1276] Faster, optimized subscriber results 2015-07-07 00:59:28 -07:00
firefox_addons.table [Fix #1492] Fix firefox key counting and spec typo 2015-09-02 19:50:36 -07:00
groups.table Move specs to a top-level path, add query examples 2015-06-03 10:39:05 -07:00
hardware_events.table Adding description to all the missing table fields 2015-07-15 23:23:42 -07:00
interface_addresses.table Move specs to a top-level path, add query examples 2015-06-03 10:39:05 -07:00
interface_details.table Adding description to all the missing table fields 2015-07-15 23:23:42 -07:00
kernel_info.table Fix kernel_info on OS X, remove md5 2015-10-11 11:43:42 -07:00
last.table Adding description to all the missing table fields 2015-07-15 23:23:42 -07:00
listening_ports.table Move specs to a top-level path, add query examples 2015-06-03 10:39:05 -07:00
logged_in_users.table Move specs to a top-level path, add query examples 2015-06-03 10:39:05 -07:00
magic.table Adding magic table to check for libmagic data 2015-08-28 12:49:46 -07:00
mounts.table Adding description to all the missing table fields 2015-07-15 23:23:42 -07:00
opera_extensions.table Adding description to all the missing table fields 2015-07-15 23:23:42 -07:00
os_version.table Move specs to a top-level path, add query examples 2015-06-03 10:39:05 -07:00
passwd_changes.table [#1285, #1276] Faster, optimized subscriber results 2015-07-07 00:59:28 -07:00
pci_devices.table Adding description to all the missing table fields 2015-07-15 23:23:42 -07:00
process_envs.table Move specs to a top-level path, add query examples 2015-06-03 10:39:05 -07:00
process_events.table Add a Linux audit event publisher 2015-09-03 08:45:02 -07:00
process_memory_map.table Adding description to all the missing table fields 2015-07-15 23:23:42 -07:00
process_open_files.table Move specs to a top-level path, add query examples 2015-06-03 10:39:05 -07:00
process_open_sockets.table This refactors a bit of config/packs and adds a socket_events table to Linux. 2015-10-27 15:13:02 -07:00
processes.table Add state, group, and nice to processes 2015-09-24 13:11:46 -07:00
routes.table Adding description to all the missing table fields 2015-07-15 23:23:42 -07:00
shell_history.table Various table perf improvements and TLS docs 2015-06-05 22:03:15 -07:00
smbios_tables.table Adding description to all the missing table fields 2015-07-15 23:23:42 -07:00
suid_bin.table Adding description to all the missing table fields 2015-07-15 23:23:42 -07:00
system_controls.table Move specs to a top-level path, add query examples 2015-06-03 10:39:05 -07:00
uptime.table Adding description to all the missing table fields 2015-07-15 23:23:42 -07:00
usb_devices.table Adding description to all the missing table fields 2015-07-15 23:23:42 -07:00
user_groups.table Move specs to a top-level path, add query examples 2015-06-03 10:39:05 -07:00
users.table Adding description to all the missing table fields 2015-07-15 23:23:42 -07:00
yara_events.table Add tags and strings columns to YARA tables. 2015-07-27 08:20:24 -04:00
yara.table Add tags and strings columns to YARA tables. 2015-07-27 08:20:24 -04:00