Adding examples to 5 tables (#8424)

2026-05-23 17:08:53 +00:00 · 2022-10-25 14:19:51 -04:00 · 2022-10-25 14:19:51 -04:00 · 7eacc9fa96
commit 7eacc9fa96
parent 97b4d1f3fb
5 changed files with 51 additions and 0 deletions
--- a/schema/tables/npm_packages.yml
+++ b/schema/tables/npm_packages.yml
@ -6,3 +6,13 @@ columns:
  - name: mount_namespace_id
    platforms:
      - linux
+examples: >-
+  List the author, description and more information about packages made by Fleet. Replace the
+  homepage with any other distributor desired.
+
+  ```
+
+  SELECT author, description, directory, version FROM npm_packages WHERE homepage='https://fleetdm.com';
+  
+  ```
+
--- a/schema/tables/password_policy.yml
+++ b/schema/tables/password_policy.yml
@ -0,0 +1,10 @@
+name: password_policy
+examples: >-
+  This policy query will return a 1 if the password policy requires passwords that are 10 characters
+  or longer.
+
+  ```
+
+  SELECT 1 FROM (SELECT cast(lengthtxt as integer(2)) minlength FROM (SELECT SUBSTRING(length, 1, 2) AS lengthtxt FROM (SELECT policy_description, policy_identifier, split(policy_content, '{', 1) AS length FROM password_policy WHERE policy_identifier LIKE '%minLength')) WHERE minlength >= 10);
+
+  ```
--- a/schema/tables/pci_devices.yml
+++ b/schema/tables/pci_devices.yml
@ -21,3 +21,13 @@ columns:
  - name: subsystem_model
    platforms:
      - linux
+examples: >-
+  This table allows you to list PCI devices. With this query, identify devices with a specific model
+  ID. This can be useful when trying to identify systems that use common hardware, for example, when
+  trying to target firmware updates or understand similarities between problematic systems.
+
+  ```
+
+  SELECT driver, model, vendor, vendor_id FROM pci_devices WHERE model_id='0x1001';
+
+  ```
--- a/schema/tables/process_open_sockets.yml
+++ b/schema/tables/process_open_sockets.yml
@ -8,3 +8,13 @@ columns:
  - name: net_namespace
    platforms:
      - linux
+examples: >-
+  This table allows you to see network activity by process. With this query, list all connections
+  made to or from a process, excluding connections to localhost and
+  [RFC1918](https://en.wikipedia.org/wiki/Private_network) IP addresses.
+  
+  ```
+  
+  SELECT pos.local_port, pos.remote_port, pos.remote_address, p.pid, p.path FROM process_open_sockets pos JOIN processes p ON pos.pid = p.pid WHERE remote_address NOT LIKE '192.168%' AND remote_address NOT LIKE '10.%' AND remote_address NOT LIKE '172.16.%' AND remote_address NOT LIKE '127.%' AND remote_address!='0.0.0.0' AND remote_address NOT LIKE 'fe80%' AND remote_port!='0'; 
+  
+  ```
--- a/schema/tables/smbios_tables.yml
+++ b/schema/tables/smbios_tables.yml
@ -0,0 +1,11 @@
+name: smbios_tables
+notes: This table requires an Intel compatible system.
+examples: >-
+  SMBIOS tables are used to deliver information from the BIOS to the operating system. Use the *md5*
+  field to compare systems and see if their hardware is configured identically.
+
+  ```
+
+  SELECT * FROM smbios_tables WHERE md5='dd66d84ec724d35db011883052973eae'
+
+  ```