valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-07 01:55:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
9d783fee00
osquery-1/specs/darwin/xprotect_entries.table
Teddy Reed a105924804 Move specs to a top-level path, add query examples 
1. Example queries will run with an (optional) integration test.
2. Fix bad accesses with OS X package BOMs
3. Move spec files from ./osquery/tables/specs to ./specs
4. Remove server parsers (netlib) from client builds.
2015-06-03 10:39:05 -07:00

13 lines
647 B
Plaintext
Raw Blame History

table_name("xprotect_entries")
description("Database of the machine's XProtect signatures.")
schema([
Column("name", TEXT, "Description of XProtected malware"),
Column("launch_type", TEXT, "Launch services content type"),
Column("identity", TEXT, "XProtect identity (SHA1) of content"),
Column("filename", TEXT, "Use this file name to match"),
Column("filetype", TEXT, "Use this file type to match"),
Column("optional", INTEGER, "Match any of the identities/patterns for this XProtect name"),
Column("uses_pattern", INTEGER, "Uses a match pattern instead of identity"),
])
implementation("xprotect@genXProtectEntries")
Reference in New Issue View Git Blame Copy Permalink