How to use ntfs_journal_events to monitor file ope...
# windowsx
xiaoliuzi
05/03/2020, 3:54 PMHow to use ntfs_journal_events to monitor file operations?
m
Mike Myers
05/04/2020, 9:07 PMhttps://gist.github.com/woodruffw/ea5a80de23a190bac165785fe07299b2#file-queries-sql these are some example queries
x
xiaoliuzi
05/05/2020, 1:37 AMI use this query without any results
SELECT * FROM ntfs_journal_events WHERE path LIKE "C: \\ Program Files \\ osquery \\%";
xiaoliuzi
05/05/2020, 1:40 AMy
yossarian
05/06/2020, 2:53 PM@xiaoliuzi make sure that your
osquery.confx
xiaoliuzi
05/09/2020, 1:55 PM4 Views