Join Slack
Powered by
No only on posix platforms, for Windows it's empty...
# general
s
Stefano Bonicatti
07/20/2021, 4:34 PM
No only on posix platforms, for Windows it's empty, and one has to use
ntfs_acl_permissions
as
@puffycid
was saying
💯 1
a
Alex Alborzfard
07/21/2021, 6:40 PM
I'm looking for the same info as
@Sebastiaan
. I can't find
@puffycid
post about using ntfs_acl_permissions. Can you re-share it plz?
s
Stefano Bonicatti
07/21/2021, 6:48 PM
The suggestion is to simply use that table, since it will lists the ACLs present on a file passed as path
Stefano Bonicatti
07/21/2021, 6:48 PM
https://osquery.io/schema/4.9.0/#ntfs_acl_permissions
Stefano Bonicatti
07/21/2021, 6:49 PM
this is the schema
2
Views
Open in Slack
Previous
Next