Releases: osquery/osquery
1.3.0
Table changes (from 1.2.2 to 1.3.0):
Potential API incompatibility changes:
Added table rpm_packages to CentOS, removed from Linux/Ubuntu
Added table kernel_extensions to Darwin (Apple OS X), renamed from kextstat
The process_open_files table has changed drastically, please see the new process_open_files and process_open_sockets tables. These two new tables take the place of port_inode and socket_inode on Linux.
Additional API changes:
Added table acpi_tables to All Platforms
Added table interface_addresses to All Platforms
Added table interface_details to All Platforms
Added table listening_ports to All Platforms
Added table process_open_sockets to All Platforms
Added table smbios_tables to All Platforms
Added table iokit_devicetree to Darwin (Apple OS X)
Added table iokit_registry to Darwin (Apple OS X)
Added table nfs_shares to Darwin (Apple OS X)
Added table xprotect_entries to Darwin (Apple OS X)
Added table xprotect_reports to Darwin (Apple OS X)
Added table kernel_integrity to Ubuntu, CentOS
Added table apt_sources to Ubuntu
Added table deb_packages to Ubuntu
Added column sha1 (TEXT) to table hash
Added column sha256 (TEXT) to table hash
Added column fd (BIGINT) to table process_open_files
Added column path (TEXT) to table process_open_files
Removed column file_type (TEXT) from table process_open_files
Removed column local_host (TEXT) from table process_open_files
Removed column local_path (TEXT) from table process_open_files
Removed column local_port (TEXT) from table process_open_files
Removed column remote_host (TEXT) from table process_open_files
Removed column remote_port (TEXT) from table process_open_files
