mirror of
https://github.com/valitydev/osquery-1.git
synced 2024-11-07 18:08:53 +00:00
59 lines
881 B
Plaintext
59 lines
881 B
Plaintext
{
|
|
"options": {
|
|
"enable_monitor": "true"
|
|
},
|
|
"list": [
|
|
"a"
|
|
],
|
|
"dictionary": {
|
|
"foo": "bar"
|
|
},
|
|
"packs": {
|
|
"foobar": {
|
|
"version": "1.5.0",
|
|
"queries": {
|
|
"kernel_modules": {
|
|
"query": "select * from kernel_modules;",
|
|
"interval": 3600
|
|
}
|
|
}
|
|
},
|
|
"foobar_with_files": {
|
|
"file_paths": {
|
|
"logs": [
|
|
"/dev/random",
|
|
"/dev/urandom"
|
|
]
|
|
},
|
|
"file_accesses": [
|
|
"logs",
|
|
"bar"
|
|
]
|
|
}
|
|
},
|
|
"schedule": {
|
|
"launchd": {
|
|
"query": "select * from launchd;",
|
|
"interval": 3600
|
|
}
|
|
},
|
|
"file_paths": {
|
|
"logs": [
|
|
"/dev/null"
|
|
],
|
|
"config_files": [
|
|
"/dev",
|
|
"/dev/zero"
|
|
]
|
|
},
|
|
"file_accesses": [
|
|
"logs"
|
|
],
|
|
"events": {
|
|
"environment_variables": [
|
|
"foo",
|
|
"bar"
|
|
]
|
|
}
|
|
}
|