mirror of
https://github.com/valitydev/osquery-1.git
synced 2024-11-07 09:58:54 +00:00
21 lines
991 B
Plaintext
21 lines
991 B
Plaintext
table_name("windows_events")
|
|
description("Windows Event logs.")
|
|
schema([
|
|
Column("time", BIGINT, "Timestamp the event was received"),
|
|
Column("datetime", TEXT, "System time at which the event occurred"),
|
|
Column("source", TEXT, "Source or channel of the event"),
|
|
Column("provider_name", TEXT, "Provider name of the event"),
|
|
Column("provider_guid", TEXT, "Provider guid of the event"),
|
|
Column("eventid", INTEGER, "Event ID of the event"),
|
|
Column("task", INTEGER, "Task value associated with the event"),
|
|
Column("level", INTEGER, "The severity level associated with the event"),
|
|
Column("keywords", BIGINT, "A bitmask of the keywords defined in the event"),
|
|
Column("data", TEXT, "Data associated with the event"),
|
|
Column("eid", TEXT, "Event ID", hidden=True),
|
|
])
|
|
attributes(event_subscriber=True)
|
|
implementation("windows_events@WindowsEventSubscriber::genTable")
|
|
examples([
|
|
"select * from windows_events where eventid=4104 and channel='Security'",
|
|
])
|