Channels
doorman
zercurity
infrastructure
code-review
queryhub
apple-silicon
carving
goquery
aws
querycon
golang
file-carving
fuzzing
help-proxy
darkbytes
process-auditing
general
windows
random
fleet-dev
tls
fim
awallaby
zentral
zeek
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
community-feeds
Powered by
#general
Title
s
Stefano Bonicatti
07/20/2021, 4:34 PM
No only on posix platforms, for Windows it's empty, and one has to use
ntfs_acl_permissions
as
@puffycid
was saying
💯 1
a
Alex Alborzfard
07/21/2021, 6:40 PM
I'm looking for the same info as
@Sebastiaan
. I can't find
@puffycid
post about using ntfs_acl_permissions. Can you re-share it plz?
s
Stefano Bonicatti
07/21/2021, 6:48 PM
The suggestion is to simply use that table, since it will lists the ACLs present on a file passed as path
https://osquery.io/schema/4.9.0/#ntfs_acl_permissions
this is the schema
2 Views
Post