osquery-defense-kit/incident_response/es_process_events.sql

9 lines
147 B
SQL

-- Dump a list of process execution events from EndpointSecurity
--
-- platform: darwin
-- tags: events extra
SELECT
*
FROM
es_process_events;