#general

Nand

05/02/2023, 5:51 AM
Like File Create, Move, Copy, Paste, Rename, Delete, Send To, etc.

Jason

05/02/2023, 1:17 PM
Absolutely - but you'd need to enable some feature flags in osquery. https://fleetdm.com/guides/osquery-evented-tables-overview

Nand

05/02/2023, 3:47 PM
Hi Jason, thanks for your response.
FYI, our virtual drive is FAT32 type, so which approach will be followed?
If this uses the NTFS Change Journal, then I doubt it will not capture FAT32 virtual drive activities.

Jason

05/02/2023, 5:01 PM
You are probably right, and it does appear to use the NTFS journal.