Need osquery table name which keeps track of successful and failed root user logging information

Hi Experts,

Can someone please assist me with the osquery table name which keeps track of successful and failed root user logging information?

Note: I already checked users, logged_in_users, but no luck.

Thanks,
Nivedita

Hi @niveditakathal,

There’s a table that can help with that for macOS - account_policy_data - but I’m not sure about other operating systems. I found an example query for that table in a question posted to the open source osquery project on GitHub: Question about failed logins from MacOS.

I suspect that folks from the osquery community might be able to give you a more definitive answer or some tips about how to get the info you need. You could try joining the osquery Slack or possibly opening an issue with the osquery project on GitHub. You can find links for both on https://osquery.io.

Hope that helps!
Melissa
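
A query against the account_policy_data table mentioned in the reply above, added here as an illustration (it is not part of the original post and is not the query from the linked GitHub question). It assumes a macOS host and that root is the account with uid 0; the column aliases are made up for readability.

```sql
-- Added example: failed-login data for root on macOS.
-- account_policy_data is a macOS-only osquery table; joining it to
-- users on uid attaches the account name to each policy row.
SELECT
  u.username,
  u.uid,
  apd.failed_login_count,
  -- the table stores times as seconds since the Unix epoch
  datetime(apd.failed_login_timestamp, 'unixepoch') AS last_failed_login_utc,
  datetime(apd.password_last_set_time, 'unixepoch') AS password_last_set_utc
FROM users AS u
JOIN account_policy_data AS apd USING (uid)
WHERE u.uid = 0;  -- assumption: root is uid 0
```

The table exposes a count and the most recent failure time per account, not one row per attempt, so it does not give a history of individual successful or failed logins.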

@Melissa_Burpo Thanks for the assistance.