[master task] SQL tables requests and roadmap #619
Comments
List of OS X configuration reporters (and their table mapping or priority):
Thank you for reporting this issue and appreciate your patience. We've notified the core team for an update on this issue. We're looking for a response within the next 30 days or the issue may be closed.
FYI, for #1521 in the above list (a
This issue is old and doesn't look to be up-to-date so I'm going to close. If you care about a feature in here open a Feature Request. Those are going to be tagged with the wishlist label which makes them easier to find and track.
This issue is tracking requested virtual tables. If you would like to suggest a new table or discuss the need for a new table please comment on this issue. If you would like to implement one of the tables or need a focused discussion please open a separate issue dedicated to that virtual table.
This issue tracks requested/planned additions to the available SQL tables in osquery. If you would like to suggest/discuss a new SQL table please comment on this issue. If you would like to implement one of the tables or need a focused discussion please open a separate issue dedicated to that table.
Shared (cross-platform) tables:
- OS X)
- MDNS settings/cache
- Filevault on OS X) Issue: [#911] Implement FDE status #913, PR: [#911] Implement FDE status #913
- forwarding/promisc/nameservers)
- Browser plugins/extensions
- osquery-IO utilization
- linux, OS X (zpages))
- process memory maps (linux, OS X)
- group membership
- interface_addresses (More interface details: static or DHCP #1575)
- file_regex table for applying greps across selected file targets (Simple regular expression-based greping via query predicate #1692)
- ssdeep support in hashing table (Add support for ssdeep column in the hash table #1775)

OS X Tables:
- xattr "wherefrom" for downloaded items in select directories (OS X Where From #653)
- Managed client information panes
- defaults read table with path to plist trigger
- blessed boot directory/file using nvram settings (available as kernel_info)
- Block devices (parity with Linux)
- authorization DB config
- interface_details service order & primary interface indicator (Darwin(+ others?) - interface details doesn't include primary net interface #1568)

Linux Tables:

Deep systems/esoteric tables:
- DMI/SMBIOS data
- ACPI tables
- linux, OS X)

Existing table additions:
Tables that exist, but need hi-priority columns.
- shell_history table (Add support for reading fish history in shell_history table #1417)
- application_usage on OS X (Application_usage add 'focused' attribute #1315)
- kernel_extensions table on OS X (Kext table doesn't include if extension is actually loaded or signed(and by who) #1462)

Existing table modifications (column deprecations/aliases)
- on_disk in the processes table should be path_exists or binary_exists (on_disk should probably get renamed to file_exists #1661)

Kernel-introspection-enabled tables:
Tables that use the OS X kernel extension or the not-yet-developed Linux kernel module. In some cases the BSD audit framework can suffice.
Low-priority recommendations:
Anti-pattern tables:
These are tables that are not appropriate for osquery as it exists today. This does not mean these tables are forever blacklisted, but they require considerable discussion or are more appropriate as modules or extensions and not as part of the core tables.