Hey guys I m getting this error when I run a query on the si

Question

Hey guys I m getting this error when I run a query on the signature table constraint failed the error from the log on my host shows Table signature was queried without a required column in the WHERE clause even though I have a column specified in the WHERE clause any idea why it s happening

Kathy Satterlee · Answer

Hi < Tarek Talaat> Are you including the `path` column in your `WHERE` clause If you could send over the query with any identifying info removed that would be helpful for diagnosing the issue

Tarek Talaat · Answer

oh I don t include the path in the WHERE ok one sec

Tarek Talaat · Answer

SELECT path signed team identifier from signature where team identifier like abcd

Tarek Talaat · Answer

it works without any errors if I include the path but what if I don t know the path and I want to get it

Kathy Satterlee · Answer

You could use wildcards in `path` ```SELECT path signed team identifier from signature WHERE team identifier like abcd AND path LIKE Applications ```

Tarek Talaat · Answer

I m trying to identify a malware and it could be downloaded some where else other than Applications but I ll try a wild card to include anything and see if that would help

Kathy Satterlee · Answer

That makes sense What are you trying to hunt down Someone here might have already started down the path to hunting it down or have some other knowledge to drop

Tarek Talaat · Answer

I m writing a query to hunt APT32 AKA oceanlotus

Kathy Satterlee · Answer

Gotcha I found query packs that should be helpful for pointing you in the right direction or may work for you as is The latter has a related that is pretty cool

Tarek Talaat · Answer

Thank you I ll check the article out Appreciate the help

Kathy Satterlee · Answer

Any time