fleet/schema/tables/shared_resources.yml

name: shared_resources
examples: |-
  Network shares with loose access controls are common places that leak sensitive information. This query looks for shared drives on Windows systems that likely contain sensitive data, by listing all shared folders that have the word `backup` in their name. This does not include `ADMIN$` type shares.
  
  ```
  SELECT description,name,path FROM shared_resources WHERE type = 0 and name like '%backup%';
  ```
  
notes: |-
  * `type_name` is a human readable value of the type column. These values can include: "Disk Drive Admin", "IPC Admin", "Disk Drive"
Initial cut of Win tables schema (#8351) * Initial cut of Win tables schema * Add context * Formatting fixes * Add bitlocker_info * Remove temp stuff * Remove temp stuff redux * Apply suggestions from code review Co-authored-by: Guillaume Ross <guillaume@binaryfactory.ca> * Update bitlocker_info.yml * Edited for clarity Co-authored-by: Guillaume Ross <guillaume@binaryfactory.ca> 2022-10-21 15:21:08 +00:00			`name: shared_resources`
Schema: change default block scalar used in schema override files (#19296) Closes: #19271 Closes: #19286 Changes: - Updated the example in the schema folder readme - Updated the block scalar used in Fleet's osquery override documentation (`>-` » `\|-`) and removed extra newlines - Updated the block scalar used in URLs used to create new yaml override files - Regenerated osqeury_fleet_schema.json 2024-05-27 23:18:56 +00:00			`examples: \|-`
Initial cut of Win tables schema (#8351) * Initial cut of Win tables schema * Add context * Formatting fixes * Add bitlocker_info * Remove temp stuff * Remove temp stuff redux * Apply suggestions from code review Co-authored-by: Guillaume Ross <guillaume@binaryfactory.ca> * Update bitlocker_info.yml * Edited for clarity Co-authored-by: Guillaume Ross <guillaume@binaryfactory.ca> 2022-10-21 15:21:08 +00:00			Network shares with loose access controls are common places that leak sensitive information. This query looks for shared drives on Windows systems that likely contain sensitive data, by listing all shared folders that have the word `backup` in their name. This does not include `ADMIN$` type shares.

			```
			`SELECT description,name,path FROM shared_resources WHERE type = 0 and name like '%backup%';`
			```

Schema: change default block scalar used in schema override files (#19296) Closes: #19271 Closes: #19286 Changes: - Updated the example in the schema folder readme - Updated the block scalar used in Fleet's osquery override documentation (`>-` » `\|-`) and removed extra newlines - Updated the block scalar used in URLs used to create new yaml override files - Regenerated osqeury_fleet_schema.json 2024-05-27 23:18:56 +00:00			`notes: \|-`
Initial cut of Win tables schema (#8351) * Initial cut of Win tables schema * Add context * Formatting fixes * Add bitlocker_info * Remove temp stuff * Remove temp stuff redux * Apply suggestions from code review Co-authored-by: Guillaume Ross <guillaume@binaryfactory.ca> * Update bitlocker_info.yml * Edited for clarity Co-authored-by: Guillaume Ross <guillaume@binaryfactory.ca> 2022-10-21 15:21:08 +00:00			* `type_name` is a human readable value of the type column. These values can include: "Disk Drive Admin", "IPC Admin", "Disk Drive"