fleet icon indicating copy to clipboard operation
fleet copied to clipboard
verified publisher icon fleetdm

`platform_info` table on windows has columns which are empty

Open zhumo opened this issue 3 years ago • 1 comments

Problem

While testing windows tables, we found that the platform_info table was returning blank values for some columns such as:

  • address
  • size
  • volume_size

Requirements

  • Determine why this is happening
    • One theory we had while discussing was that these columns are not relevant to Windows. If so, we should update the spec file to show that it is an extended schema

Parent Epic

  • #6766

zhumo avatar Jul 27 '22 14:07 zhumo

There is no attempt made to get this info on Windows. See code: https://github.com/osquery/osquery/blob/master/osquery/tables/system/windows/smbios_tables.cpp#L160-L195

I took a look at what WMI makes available and don't see any corresponding values. Makes sense to me to change it to extended schema. Who can take that on?

zwass avatar Aug 11 '22 18:08 zwass

@zwass https://github.com/osquery/osquery/pull/7732

zhumo avatar Aug 15 '22 20:08 zhumo