valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 10:23:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
988daeb9e6
osquery-1/specs/yara_events.table
Wesley Shields 698e226b80 Add tags and strings columns to YARA tables. 
When strings match they will be populated into the "strings" column of
the table. The format is identifier:offset.

When a matching rule has tags defined the tags will be put into the
"tags" column of the table in a comma separated list.
2015-07-27 08:20:24 -04:00

16 lines
689 B
Plaintext
Raw Blame History

table_name("yara_events")
description("Track YARA matches for files specified in configuration data.")
schema([
Column("target_path", TEXT, "The path scanned"),
Column("category", TEXT, "The category of the file"),
Column("action", TEXT, "Change action (UPDATE, REMOVE, etc)"),
Column("transaction_id", BIGINT, "ID used during bulk update"),
Column("matches", TEXT, "List of YARA matches"),
Column("count", INTEGER, "Number of YARA matches"),
Column("time", BIGINT, "Time of the scan"),
Column("strings", TEXT, "Matching strings"),
Column("tags", TEXT, "Matching tags"),
])
attributes(event_subscriber=True)
implementation("yara@yara_events::genTable")
Reference in New Issue View Git Blame Copy Permalink