Comments (3)
@cmc87 adding you to this in case you have any insight to add to the task. For example, what do you think the columns should be?
from osquery.
Body file format is a good starting place. http://wiki.sleuthkit.org/index.php?title=Body_file - with the option to convert unix timestamps to human readable and sort. This is typically two separate activities in practice (create bodyfile -> convert to timeline). We should be able to select between timeframes. We might need to cache timelines somehow as they take some time to generate.
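The two-step flow described in the comment above (create bodyfile -> convert to timeline, with a timeframe selection), as an added Python example that is not osquery code: it parses the 11-field Sleuth Kit body file format, expands each entry into one row per distinct timestamp with a mactime-style macb mask, filters to a window, sorts, and renders the epoch values as UTC strings. The sample body-file lines are constructed for the example.

```python
"""Constructed example: Sleuth Kit body file -> human-readable, sorted timeline."""
from datetime import datetime, timezone

# TSK 3.x body file: 11 pipe-separated fields, timestamps as Unix epoch seconds.
FIELDS = ("md5", "name", "inode", "mode", "uid", "gid", "size",
          "atime", "mtime", "ctime", "crtime")
# mactime's column order and letters: m=modified, a=accessed, c=changed, b=born.
MACB = (("mtime", "m"), ("atime", "a"), ("ctime", "c"), ("crtime", "b"))

# Constructed sample input (not from a real system). A 0 timestamp means "unset".
SAMPLE_BODYFILE = """\
0|/etc/passwd|1234|-rw-r--r--|0|0|2048|1700000300|1699990000|1699990000|1699980000
0|/home/alice/notes.txt|5678|-rw-------|1000|1000|400|1700000600|1700000500|1700000500|1700000500
0|/tmp/x|9999|-rwxr-xr-x|1000|1000|32|0|1700000100|1700000100|0
"""

def parse_bodyfile(text):
    """Step one (the 'create' side): yield one dict per well-formed line,
    skipping blank and malformed lines instead of aborting the whole run."""
    for line in text.splitlines():
        parts = line.split("|")
        if not line.strip() or len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        for field, _ in MACB:
            rec[field] = int(rec[field])
        yield rec

def build_timeline(records, start=None, end=None):
    """Step two (the 'convert' side): one row per distinct timestamp of each
    entry with a macb mask, limited to [start, end] epoch seconds, sorted
    chronologically, timestamps rendered as UTC strings."""
    rows = []
    for rec in records:
        by_ts = {}
        for field, letter in MACB:
            if rec[field] != 0:                       # 0 = not recorded
                by_ts.setdefault(rec[field], set()).add(letter)
        for ts, letters in by_ts.items():
            if (start is None or ts >= start) and (end is None or ts <= end):
                mask = "".join(l if l in letters else "." for _, l in MACB)
                rows.append((ts, mask, rec["name"], rec["inode"], rec["mode"], rec["size"]))
    rows.sort()
    return [(datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
             *rest) for ts, *rest in rows]

def timeline_from_text(text, start=None, end=None):
    """Run both steps on body-file text; cache the result per (text, window) if slow."""
    return build_timeline(parse_bodyfile(text), start, end)
```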
tracking in #619