mirror of
https://github.com/chainguard-dev/osquery-defense-kit
synced 2025-02-16 17:37:06 +00:00
-- Return the list of watched file events (must be configured)
--
-- notes:
--   * file_events only holds rows for paths that are being watched (the
--     file_paths section of the osquery config) and only while event
--     collection is enabled. An empty result can therefore mean "nothing is
--     being watched" rather than "nothing changed"; check the configuration
--     before treating silence as a clean bill of health.
--   * NOTE(review): the 900-second lookback below is the same length as the
--     schedule interval, so a run that starts late (for example because of
--     schedule splay) could skip events at the edge of the window. Confirm
--     whether a small overlap is wanted.
--
-- tags: postmortem
-- platform: posix
-- interval: 900
SELECT
  fe.*
FROM
  file_events AS fe
WHERE
  -- strftime('%s', 'now') is the current time in Unix epoch seconds; keep
  -- only events stamped within the 900 seconds before this run.
  fe.time > (strftime('%s', 'now') - 900)