valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-06 09:35:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f8f5718297
osquery-1/specs/darwin/disk_events.table

24 lines
1.2 KiB
Plaintext
Raw Blame History

table_name("disk_events")
description("Track DMG disk image events (appearance/disappearance) when opened.")
schema([
Column("action", TEXT, "Appear or disappear"),
Column("path", TEXT, "Path of the DMG file accessed"),
Column("name", TEXT, "Disk event name"),
Column("device", TEXT, "Disk event BSD name",
aliases=["bsd_name"]),
Column("uuid", TEXT, "UUID of the volume inside DMG if available"),
Column("size", BIGINT, "Size of partition in bytes"),
Column("ejectable", INTEGER, "1 if ejectable, 0 if not"),
Column("mountable", INTEGER, "1 if mountable, 0 if not"),
Column("writable", INTEGER, "1 if writable, 0 if not"),
Column("content", TEXT, "Disk event content"),
Column("media_name", TEXT, "Disk event media name string"),
Column("vendor", TEXT, "Disk event vendor string"),
Column("filesystem", TEXT, "Filesystem if available"),
Column("checksum", TEXT, "UDIF Master checksum if available (CRC32)"),
Column("time", BIGINT, "Time of appearance/disappearance in UNIX time"),
Column("eid", TEXT, "Event ID", hidden=True),
])
attributes(event_subscriber=True)
implementation("events/darwin/disk_events@disk_events::genTable")
Reference in New Issue View Git Blame Copy Permalink