Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
n
Nand
05/02/2023, 5:51 AMLike File Create, Move, Copy, Paste, Rename, Delete, Send To etc
j
Jason
05/02/2023, 1:17 PMAbsolutely - but you'd need to enable some feature flags in osquery. https://fleetdm.com/guides/osquery-evented-tables-overview
n
Nand
05/02/2023, 3:47 PMHi Jason, Thanks for your response
FYIP, our Virtual Drive is FAT32 Type, so which approach will be followed
If this uses NTFS Change Journal then I doubt it will not capture FAT32 virtual drive activities
j
Jason
05/02/2023, 5:01 PMyou are probably right and it does appear to use the NTFS journal