Track YARA matches for files specified in configuration data.

Platform support

Please be aware that some queries can only be run against certain platforms. Below is the list of platforms this table supports. Zercurity will automatically pause queries from running if errors are detected. Running a query against an unsupported platform will result in the following error:

  no such table: yara_events

  • Linux
  • Mac OSX

Table schema

Name            Type      Description
target_path     TEXT      The path scanned
category        TEXT      The category of the file
action          TEXT      Change action (UPDATE, REMOVE, etc.)
transaction_id  BIGINT    ID used during bulk update
matches         TEXT      List of YARA matches
count           INTEGER   Number of YARA matches
strings         TEXT      Matching strings
tags            TEXT      Matching tags
time            BIGINT    Time of the scan
eid             TEXT      Event ID

Query examples

Select all the results for the given table.

SELECT * FROM yara_events;
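A more targeted query, added here as an example and not taken from the original page or from Zercurity, using only the columns listed in the schema above. It assumes that `time` holds the scan time as Unix epoch seconds and that `matches` is a comma-separated list of rule names (both are assumptions, not stated on the page). The first query surfaces files that actually matched a rule in the last 24 hours; the second summarises which rule names and tags are firing most often, which is what an analyst would triage first.

```sql
-- Added example, not from the original page. Assumes `time` is Unix epoch
-- seconds and `matches` is a comma-separated list of YARA rule names.

-- 1. Files with at least one YARA match in the last 24 hours, newest first.
--    Filtering on count > 0 drops the scan events that matched nothing.
SELECT
  target_path,
  category,
  action,
  matches,
  tags,
  count,
  datetime(time, 'unixepoch') AS scanned_at
FROM yara_events
WHERE count > 0
  AND time > strftime('%s', 'now') - 86400
ORDER BY time DESC;

-- 2. How often each (rule list, tag list) pair has fired, to spot noisy
--    rules versus rare, high-signal hits. REMOVE actions are excluded
--    because a deleted file carries no current match to act on.
SELECT
  matches,
  tags,
  COUNT(*)                          AS hits,
  COUNT(DISTINCT target_path)       AS distinct_files,
  datetime(MAX(time), 'unixepoch')  AS last_seen
FROM yara_events
WHERE count > 0
  AND action != 'REMOVE'
GROUP BY matches, tags
ORDER BY hits DESC;
```

Because `yara_events` is an event table, rows accumulate between scheduled query runs; scheduling the first query with a short interval and comparing `eid` values across runs avoids re-alerting on events that have already been seen.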