diff --git a/schema/tables/chrome_extensions.yml b/schema/tables/chrome_extensions.yml index fef72914f6..df960f8990 100644 --- a/schema/tables/chrome_extensions.yml +++ b/schema/tables/chrome_extensions.yml @@ -1,4 +1,9 @@ name: chrome_extensions +platforms: + - darwin + - windows + - linux + - chromeos description: Installed extensions (plugins) for [Chromium-based](https://en.wikipedia.org/wiki/Chromium_(web_browser)) browsers, including [Google Chrome](https://en.wikipedia.org/wiki/Google_Chrome), [Edge](https://en.wikipedia.org/wiki/Microsoft_Edge), [Brave](https://en.wikipedia.org/wiki/Brave_(web_browser)), [Opera](https://en.wikipedia.org/wiki/Opera_(web_browser)), and [Yandex](https://en.wikipedia.org/wiki/Yandex_Browser). examples: >- List Chrome extensions by user and profile which have full access to HTTPS 
@@ -10,7 +15,104 @@ examples: >- ``` columns: - - name: browser_type - description: "The type of browser. (Valid values: `chrome`, `chromium`, `opera`, `yandex`, `brave`, `edge`, `edge_beta`)" - name: uid requires_user_context: true + platforms: + - darwin + - windows + - linux + - name: profile + platforms: + - darwin + - windows + - linux + - name: profile_path + platforms: + - darwin + - windows + - linux + - name: referenced_identifier + platforms: + - darwin + - windows + - linux + - name: default_locale + platforms: + - darwin + - windows + - linux + - name: current_locale + platforms: + - darwin + - windows + - linux + - name: author + platforms: + - darwin + - windows + - linux + - name: persistent + platforms: + - darwin + - windows + - linux + - name: path + type: string + description: Defaults to '' on ChromeOS + platforms: + - darwin + - windows + - linux + - chromeos + - name: optional_permissions + platforms: + - darwin + - windows + - linux + - name: optional_permissions_json + platforms: + - darwin + - windows + - linux + - name: manifest_hash + platforms: + - darwin + - windows + - linux + - name: referenced + platforms: + - darwin + - windows + - linux + - name: from_webstore + platforms: + - darwin + - windows + - linux + - name: state + type: string + platforms: + - darwin + - windows + - linux + - chromeos + - name: install_time + platforms: + - darwin + - windows + - linux + - name: install_timestamp + platforms: + - darwin + - windows + - linux + - name: manifest_json + platforms: + - darwin + - windows + - linux + - name: key + platforms: + - darwin + - windows + - linux \ No newline at end of file diff --git a/schema/tables/geolocation.yml b/schema/tables/geolocation.yml new file mode 100644 index 0000000000..a19066ed89 --- /dev/null +++ b/schema/tables/geolocation.yml 
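Review bot: The `state` entry sets `type: string` without a `description`, and as far as I recall upstream osquery documents `chrome_extensions.state` as an integer ("1 if this extension is enabled"); if the ChromeOS extension really reports a string, the override should say which values appear, e.g. `description: Extension state as reported by the browser (TODO: list the values the ChromeOS extension returns)`, otherwise the type override is wrong for the three desktop platforms listed. The same hunk spells the type `string` while geolocation.yml and network_interfaces.yml in this commit use `text`; the schema files should agree on one spelling (system_info.yml and users.yml also use `string`). This file, os_version.yml and users.yml also end without a trailing newline after the change (`\ No newline at end of file`), which yamllint flags; add the final newline before merging.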
@@ -0,0 +1,22 @@ +name: geolocation +evented: false +platforms: + - chromeos +description: Last reported geolocation +columns: + - name: ip + type: text + required: false + description: IP address + - name: city + type: text + required: false + description: City + - name: country + type: text + required: false + description: Country + - name: region + type: text + required: false + description: Region diff --git a/schema/tables/network_interfaces.yml b/schema/tables/network_interfaces.yml new file mode 100644 index 0000000000..0a06e8f492 --- /dev/null +++ b/schema/tables/network_interfaces.yml @@ -0,0 +1,20 @@ +name: network_interfaces +evented: false +platforms: + - chromeos +description: Uses the `chrome.enterprise.networkingAttributes` API to read information about the host's current network. +columns: + - name: mac + type: text + required: false + description: MAC address (only available to extensions force-installed by enterprise policy) + - name: ipv4 + type: text + required: false + description: IPv4 address (only available to extensions force-installed by enterprise policy) + - name: ipv6 + type: text + required: false + description: IPv6 address (only available to extensions force-installed by enterprise policy) +notes: >- + - Requires that the fleetd extension is force-installed by enterprise policy diff --git a/schema/tables/os_version.yml b/schema/tables/os_version.yml index bab17794a1..9f77955ed9 100644 --- a/schema/tables/os_version.yml +++ b/schema/tables/os_version.yml @@ -1,4 +1,9 @@ name: os_version +platforms: + - darwin + - linux + - windows + - chromeos examples: >- See the OS version as well as the CPU architecture in use (X86 vs ARM for example) @@ -17,4 +22,4 @@ columns: - linux - name: mount_namespace_id platforms: - - linux + - linux \ No newline at end of file diff --git a/schema/tables/osquery_info.yml b/schema/tables/osquery_info.yml index 3bd80ad8f5..8ecc46ef86 100644 --- a/schema/tables/osquery_info.yml 
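Review bot: `description: Last reported geolocation` does not say where the location comes from or how current it is, and the `ip` column suggests an IP-based lookup; if so, state that and its approximate nature, e.g. `description: Approximate location derived from the device's IP address, as last reported by the ChromeOS extension` (adjust to what the extension actually does). A reader also cannot tell from this file whether the table returns one row, or no row, before a location has been reported; a sentence on that belongs in a `notes` entry. If, like network_interfaces.yml, this data is only available when the extension is force-installed by enterprise policy, the same `notes` line should appear here.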
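Review bot: Each column in network_interfaces.yml says the value is "only available to extensions force-installed by enterprise policy" but not what the column holds when it is not available — empty string, NULL, or no row at all; queries and policies that test these columns need that, so state it the way chrome_extensions.yml does for `path` (`Defaults to '' on ChromeOS`). The same gap exists for `hostname`, `hardware_serial`, `hardware_vendor` and `hardware_model` in system_info.yml further down in this commit, where only `computer_name` spells out its fallback. The description also speaks of the host's *current* network while the table name is plural; say whether the table yields one row or one per interface. Note that `notes: >-` is a folded scalar, so the leading `- ` of `- Requires …` stays in the rendered text; fine if notes are rendered as Markdown, otherwise drop the dash.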
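Review bot: The `platforms` list added to os_version.yml is ordered `darwin, linux, windows, chromeos`, while chrome_extensions.yml, osquery_info.yml and users.yml in this commit use `darwin, windows, linux, chromeos` and system_info.yml starts with `windows`. The order is cosmetic, but a single fixed order across the schema files keeps generated docs and future diffs consistent; consider `- darwin`, `- windows`, `- linux`, `- chromeos` here and in system_info.yml.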
+++ b/schema/tables/osquery_info.yml @@ -1,4 +1,51 @@ name: osquery_info +platforms: + - darwin + - windows + - linux + - chromeos +columns: + - name: pid + platforms: + - darwin + - windows + - linux + - name: uuid + platforms: + - darwin + - windows + - linux + - name: instance_id + platforms: + - darwin + - windows + - linux + - name: config_hash + platforms: + - darwin + - windows + - linux + - name: config_valid + platforms: + - darwin + - windows + - linux + - name: start_time + platforms: + - darwin + - windows + - linux + - name: watcher + platforms: + - darwin + - windows + - linux + - name: platform_mask + platforms: + - darwin + - windows + - linux + examples: >- See the version of the currently running osquery. diff --git a/schema/tables/system_info.yml b/schema/tables/system_info.yml index 6e34d465a5..7499bddd53 100644 --- a/schema/tables/system_info.yml +++ b/schema/tables/system_info.yml 
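Review bot: osquery_info.yml now lists `chromeos` under the table's `platforms`, yet every column override in the hunk is darwin/windows/linux only, so the file never says which osquery_info columns a ChromeOS reader can expect (upstream columns such as `version` are not mentioned at all). If columns that are not listed are implicitly available on all of the table's platforms, that convention is worth a comment, e.g. `# columns not listed here are available on every platform above`; if not, the ChromeOS-capable columns need their own entries with `- chromeos`, as system_info.yml does in this same commit. Placing `columns:` before `examples:` here also differs from chrome_extensions.yml and users.yml, where `columns:` follows the examples; the parser does not care, but a consistent key order makes these files easier to review.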
@@ -1,4 +1,122 @@ name: system_info +platforms: + - windows + - darwin + - linux + - chromeos +columns: + - name: cpu_subtype + platforms: + - darwin + - windows + - linux + - name: cpu_physical_cores + platforms: + - darwin + - windows + - linux + - name: cpu_logical_cores + platforms: + - darwin + - windows + - linux + - name: cpu_microcode + platforms: + - darwin + - windows + - linux + - name: hardware_version + platforms: + - darwin + - windows + - linux + - name: board_vendor + platforms: + - darwin + - windows + - linux + - name: board_model + platforms: + - darwin + - windows + - linux + - name: board_version + platforms: + - darwin + - windows + - linux + - name: board_serial + platforms: + - darwin + - windows + - linux + - name: local_hostname + platforms: + - darwin + - windows + - linux + - name: hostname + type: string + description: For ChromeOS, this is only available if the extension was force-installed by an enterprise policy + platforms: + - darwin + - windows + - linux + - chromeos + - name: computer_name + type: string + description: For ChromeOS, if the extension wasn't force-installed by an enterprise policy this will default to 'ChromeOS' only + platforms: + - darwin + - windows + - linux + - chromeos + - name: hardware_serial + type: string + description: The device's serial number (For chromeos, this is only available if the extension was force-installed by an enterprise policy) + platforms: + - darwin + - windows + - linux + - chromeos + - name: hardware_vendor + type: string + description: For ChromeOS, this is only available if the extension was force-installed by an enterprise policy + platforms: + - darwin + - windows + - linux + - chromeos + - name: hardware_model + type: string + description: For ChromeOS, this is only available if the extension was force-installed by an enterprise policy + platforms: + - darwin + - windows + - linux + - chromeos + - name: cpu_brand + type: string + platforms: + - darwin + - windows + - linux + - 
chromeos + - name: cpu_type + type: string + platforms: + - darwin + - windows + - linux + - chromeos + - name: physical_memory + type: string + platforms: + - darwin + - windows + - linux + - chromeos + examples: >- See the CPU architecture of a machine as well as who made it and what its serial number is. diff --git a/schema/tables/users.yml b/schema/tables/users.yml index 0121cf394c..1108ea3a76 100644 --- a/schema/tables/users.yml +++ b/schema/tables/users.yml @@ -1,4 +1,9 @@ name: users +platforms: + - darwin + - windows + - linux + - chromeos examples: >- List users that have interactive access via a shell that isn't false. @@ -8,6 +13,48 @@ examples: >- ``` columns: + - name: gid + platforms: + - darwin + - windows + - linux + - name: uid_signed + platforms: + - darwin + - windows + - linux + - name: gid_signed + platforms: + - darwin + - windows + - linux + - name: description + platforms: + - darwin + - windows + - linux + - name: directory + platforms: + - darwin + - windows + - linux + - name: shell + platforms: + - darwin + - windows + - linux + - name: uuid + platforms: + - darwin + - windows + - linux + - chromeos + - name: email + required: false + type: string + description: Email + platforms: + - chromeos - name: type platforms: - windows @@ -17,3 +64,10 @@ columns: - name: pid_with_namespace platforms: - linux + - name: username + description: Username + platforms: + - darwin + - windows + - linux + - chromeos \ No newline at end of file
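Review bot: In system_info.yml, `physical_memory` is given `type: string`, but as far as I recall upstream osquery documents that column as an integer number of bytes; if the ChromeOS extension returns a string, say so in a `description`, otherwise the type override mislabels the column on darwin, windows and linux as well. The ChromeOS-only caveats on `hostname`, `hardware_vendor` and `hardware_model` appear to replace the upstream column description entirely (the file reads as an override), leaving desktop readers with no statement of what the column is; keep the generic meaning first, e.g. `description: Hostname of the device. On ChromeOS, only available if the extension was force-installed by an enterprise policy`. The casing of the product name also drifts between `ChromeOS` and `chromeos` in `hardware_serial`; pick one.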
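Review bot: In users.yml, `email` (second hunk) and the new `username` entry (last hunk) are documented only as `Email` and `Username`, which tells a ChromeOS reader nothing about which account they describe — the signed-in ChromeOS profile, the enrolled enterprise user, or something else. Something like `description: Email address of the signed-in ChromeOS account (ChromeOS only)`, adjusted to what the extension reports, would make the chromeos-only `email` column usable. `username` already exists upstream on every platform, so if this file's `description` overrides the upstream text, `Username` is a regression for darwin/windows/linux readers; a `platforms` entry alone would add ChromeOS without touching the description.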