mirror of
https://github.com/fleetdm/fleet
synced 2026-05-22 16:39:01 +00:00
* create schema/tables, add yaml schema tables
* Update osquery-table-details.ejs
* Generate schema from schema/tables/ folder
* Create generate-yaml-tables-from-json.js
* update created table files
* update fleet override validation
* update error messages, add fleetRepoUrl
* Delete generate-yaml-tables-from-json.js
* Update osquery-table-details.ejs
* Update whitespace in table examples
* Revert "Update osquery-table-details.ejs"
This reverts commit 2e9d63208f.
* add YAML tables generated from updated Fleet schema
* lint fixes
* update arp_cache and docker_containers tables
13 lines
430 B
YAML
name: disk_events
examples: >-
  This is an evented table, and as such, is more useful if you are sending
  osquery logs to a SIEM or other centralized destination via Fleet. Events must
  be enabled. This query will contain the list of all actions related to
  connecting and removing disks, including SMB drives and USB storage, which can
  be very useful for investigative purposes.

  ```

  SELECT * FROM disk_events;

  ```