valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-08 10:23:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f88d404e6d
osquery-1/specs/posix/yara.table
artemdinaburg d4a3fe2452 Windows Daemon/Shell: Initial support for Windows tables (#2182) 
Preparation for Windows Tables. We need a Windows process table so that the daemon will run
2016-06-23 16:04:11 -07:00

18 lines
678 B
Plaintext
Raw Blame History

table_name("yara")
description("Track YARA matches for files or PIDs.")
schema([
Column("path", TEXT, "The path scanned"),
Column("matches", TEXT, "List of YARA matches"),
Column("count", INTEGER, "Number of YARA matches"),
Column("sig_group", TEXT, "Signature group used"),
Column("sigfile", TEXT, "Signature file used"),
Column("strings", TEXT, "Matching strings"),
Column("tags", TEXT, "Matching tags"),
])
implementation("yara@genYara")
examples([
"select * from yara where path = '/etc/passwd'",
"select * from yara where path LIKE '/etc/%'",
"select * from yara where path = '/etc/passwd' and sigfile = '/etc/osquery/yara/test.yara'",
])
Reference in New Issue View Git Blame Copy Permalink