osquery-defense-kit/incident_response/files-etc.sql

mirror of https://github.com/chainguard-dev/osquery-defense-kit
-- Returns a list of file information from /etc (non-hidden only)
--
-- tags: postmortem
-- platform: posix
SELECT
  *
FROM
  file
  JOIN hash ON file.path = hash.path
WHERE
  file.path LIKE "/etc/%%";
Add many new incident response queries 2023-02-23 14:35:38 +00:00			`-- Returns a list of file information from /etc (non-hidden only)`
			`--`
			`-- tags: postmortem`
			`-- platform: posix`
make reformat 2023-05-08 17:20:47 +00:00			`SELECT`
			`*`
			`FROM`
			`file`
			`JOIN hash ON file.path = hash.path`
			`WHERE`
			`file.path LIKE "/etc/%%";`