mirror of
https://github.com/fleetdm/fleet
synced 2026-05-23 08:58:41 +00:00
128ee07cae
For #31062: Added new Fleetd table 'bitlocker_key_protectors' that can be used for determining whether a TPM PIN protector is setup in a volume.
23 lines
No EOL
909 B
YAML
23 lines
No EOL
909 B
YAML
name: bitlocker_key_protectors
|
|
description: Returns what BitLocker key protectors are setup on the system.
|
|
evented: false
|
|
notes: This table is not a core osquery table. It is included as part of Fleet's agent ([fleetd](https://fleetdm.com/docs/get-started/anatomy#fleetd)).
|
|
platforms:
|
|
- windows
|
|
columns:
|
|
- name: drive_letter
|
|
description: The drive letter of the volume.
|
|
required: false
|
|
type: text
|
|
- name: key_protector_type
|
|
required: false
|
|
type: integer
|
|
description: |
|
|
An unsigned integer that specifies the type of key protector.
|
|
See https://learn.microsoft.com/en-us/windows/win32/secprov/getkeyprotectors-win32-encryptablevolume#parameters
|
|
for a list of possible values.
|
|
examples: |-
|
|
Determine whether 'C:' encryption key is protected by TPM and PIN
|
|
```
|
|
SELECT 1 FROM bitlocker_key_protectors WHERE drive_letter = 'C:' AND key_protector_type = 4;
|
|
``` |