yara_events

Track YARA matches for files specified in configuration data.

Platform support

Please be aware that some queries can only be run against certain platforms. Below is a list of the platforms this query supports. Zercurity will automatically pause queries from running if errors are detected. Running a query against an unsupported platform will result in the following error: no such table: yara_events

  • Linux

  • Mac OSX

Table schema

Name             Type      Description
target_path      TEXT      The path scanned
category         TEXT      The category of the file
action           TEXT      Change action (UPDATE, REMOVE, etc.)
transaction_id   BIGINT    ID used during bulk update
matches          TEXT      List of YARA matches
count            INTEGER   Number of YARA matches
strings          TEXT      Matching strings
tags             TEXT      Matching tags
time             BIGINT    Time of the scan
eid              TEXT      Event ID

Query examples

Select all the results for the given table.

SELECT * FROM yara_events;
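Two follow-on queries, added here as an example rather than taken from the original page or from osquery's own documentation: the first narrows the table to scans that actually produced a match within the last hour, the second summarises which rule sets fire most often. They assume the SQLite date functions osquery exposes and treat the matches column as the names of the rules that fired.

```sql
-- Added example. Only rows with at least one YARA hit in the last hour,
-- newest first, with the epoch 'time' column rendered as a UTC timestamp.
SELECT
  datetime(time, 'unixepoch') AS scanned_at,
  target_path,
  category,      -- file_paths category the file was scanned under
  action,        -- change action that triggered the scan (UPDATE, REMOVE, ...)
  matches,       -- rule names that fired (assumed comma-separated)
  tags,          -- tags carried by those rules
  count          -- number of rules that matched
FROM yara_events
WHERE count > 0
  AND time > CAST(strftime('%s', 'now') AS INTEGER) - 3600
ORDER BY time DESC;

-- Added example. Which rule sets fire most often, and when each was last
-- seen, so noisy rules can be tuned and rare ones can be triaged first.
SELECT
  matches,
  COUNT(*) AS hits,
  MAX(datetime(time, 'unixepoch')) AS last_seen
FROM yara_events
WHERE count > 0
GROUP BY matches
ORDER BY hits DESC;
```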