Hi Guys I had a question If a table is empty and not populat

Question

Hi Guys I had a question If a table is empty and not populated does using SELECT from TABLE give an empty table or no output at all

Mike Myers · Answer

all tables contents are generated in response to the query so the table doesn t exist anywhere in memory or anything it doesn t exist until you query

Mike Myers · Answer

unless it s an evented table in which case the events are being spooled all the time and then querying the evented table does empty some or all of the spool depending on your settings

Usama Nathani · Answer

Okay thank you I am currently trying to enable yara events for windows and since the table is not being populated still testing it will give an empty output correct

Mike Myers · Answer

yes you might want need to create a test file that is expected to trigger a yara rule to make sure it s working

Usama Nathani · Answer

perfect thank you slightly smiling face