mirror of
https://github.com/fleetdm/fleet
synced 2026-05-06 06:48:54 +00:00
02437a098e
Closes: #19271 Closes: #19286 Changes: - Updated the example in the schema folder readme - Updated the block scalar used in Fleet's osquery override documentation (`>-` » `|-`) and removed extra newlines - Updated the block scalar used in URLs used to create new yaml override files - Regenerated osqeury_fleet_schema.json
10 lines
No EOL
593 B
YAML
10 lines
No EOL
593 B
YAML
name: shared_resources
|
|
examples: |-
|
|
Network shares with loose access controls are common places that leak sensitive information. This query looks for shared drives on Windows systems that likely contain sensitive data, by listing all shared folders that have the word `backup` in their name. This does not include `ADMIN$` type shares.
|
|
|
|
```
|
|
SELECT description,name,path FROM shared_resources WHERE type = 0 and name like '%backup%';
|
|
```
|
|
|
|
notes: |-
|
|
* `type_name` is a human readable value of the type column. These values can include: "Disk Drive Admin", "IPC Admin", "Disk Drive" |