mirror of
https://github.com/fleetdm/fleet
synced 2026-05-22 08:28:52 +00:00
Closes: #19271
Closes: #19286

Changes:
- Updated the example in the schema folder readme
- Updated the block scalar used in Fleet's osquery override documentation (`>-` » `|-`) and removed extra newlines
- Updated the block scalar used in URLs used to create new yaml override files
- Regenerated osqeury_fleet_schema.json
11 lines
428 B
YAML
name: disk_events
examples: |-
  This is an evented table, and as such, is more useful if you are sending
  osquery logs to a SIEM or other centralized destination via Fleet. Events must
  be enabled. This query will contain the list of all actions related to
  connecting and removing disks, including SMB drives and USB storage, which can
  be very useful for investigative purposes.

  ```
  SELECT * FROM disk_events;
  ```