From 0ef72c36ceffd25adb6659b1fd24a5ece1ee53ec Mon Sep 17 00:00:00 2001
From: Guillaume Ross
Date: Wed, 9 Nov 2022 11:15:26 -0500
Subject: [PATCH] Adding examples (#8500)

Adding examples to 3 tables!
---
schema/tables/etc_services.yml | 10 ++++++++++
schema/tables/power_sensors.yml | 10 ++++++++++
schema/tables/yara.yml | 16 ++++++++++++++++
3 files changed, 36 insertions(+)
create mode 100644 schema/tables/etc_services.yml
create mode 100644 schema/tables/power_sensors.yml
create mode 100644 schema/tables/yara.yml

diff --git a/schema/tables/etc_services.yml b/schema/tables/etc_services.yml
new file mode 100644
index 0000000000..665606fbfc
--- /dev/null
+++ b/schema/tables/etc_services.yml
@@ -0,0 +1,10 @@
+name: etc_services
+examples: >-
+ Identify the TCP and UDP ports associated to standard services.
+
+ ```
+
+ SELECT * FROM etc_services WHERE name='ftp';
+
+ ```
+
diff --git a/schema/tables/power_sensors.yml b/schema/tables/power_sensors.yml
new file mode 100644
index 0000000000..8e747ffe5a
--- /dev/null
+++ b/schema/tables/power_sensors.yml
@@ -0,0 +1,10 @@
+name: power_sensors
+notes: Returns useful results on Intel Macs only.
+examples: >-
+ See the total power usage of an Intel Mac.
+
+ ```
+
+ SELECT * FROM power_sensors WHERE key='PSTR';
+
+ ```
diff --git a/schema/tables/yara.yml b/schema/tables/yara.yml
new file mode 100644
index 0000000000..6a4c3c8d3a
--- /dev/null
+++ b/schema/tables/yara.yml
@@ -0,0 +1,16 @@
+name: yara
+examples: >-
+ Look for files under `/root` that match a Yara signature. This example uses the [EICAR test file](https://www.eicar.org/download-anti-malware-testfile/).
+
+ ```
+
+ SELECT * FROM yara WHERE path like '/root/%%' AND sigrule IN (
+ 'rule eicar {
+ strings:
+ $s1 = "X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*" fullword ascii
+ condition:
+ all of them
+ }'
+ ) AND matches='eicar';
+
+ ```
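Review bot: The yara example's prose does not explain the `%%` in `path like '/root/%%'`, which in osquery path constraints matches recursively through every subdirectory, whereas a single `%` matches one level; a reader who copies this into a scheduled query gets a full-tree YARA scan of `/root` on every run. I would add a sentence to the `examples` text such as `The %% wildcard matches recursively; use a single % to scan only one directory level.` Separately, the rule embeds the complete EICAR string verbatim, so some anti-malware scanners may flag this YAML file or the documentation generated from it; it is worth confirming that the repository's scanning exclusions cover it. As a style point, `like` could be written `LIKE` to match the other upper-case keywords in the same query.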