list the devices network interfaces
SCHEMA
| address | string | IPv4 address target |
| broadcast | string | Broadcast address for the interface |
| ibytes | long | Input bytes |
| interface | string | Interface name |
| mac | string | MAC of interface (optional) |
| mask | string | Interface netmask |
| mtu | int | Network MTU |
| obytes | long | Output bytes |
-- network_interfaces INFO SELECT -- Device ID DETAILS meta_hostname, meta_ip_address, -- Query Details query_name, query_name, address, broadcast, ibytes, interface, mac, mask, mtu, obytes, -- Decoration meta_boot_time, meta_eid, meta_endpoint_type, meta_ip_mask, meta_mac_address, meta_os_name, meta_os_platform, meta_os_type, meta_os_version, meta_public_ip, meta_query_pack_version, meta_username, --- Generic calendar_time, counter, epoch, host_identifier, numerics osquery_action, unix_time, -- Data Lake customer_id, endpoint_id, upload_size FROM xdr_data WHERE query_name = 'network_interfaces'
RESULTS
+-----------------+-------------------+--------------------+----------------------------+-------------+-------------+-------------+-------------------------+-----------------------------------------+-------+-------------+------------------+--------------------------------------+----------------------+----------------+--------------------+------------------------------+--------------------+----------------+-------------------+------------------+---------------------------+-----------------+----------------------+-----------+------------+-------------------+------------------+----------------------+--------------------------------------+--------------------------------------+---------------+ | meta_hostname | meta_ip_address | query_name | address | broadcast | ibytes | interface | mac | mask | mtu | obytes | meta_boot_time | meta_eid | meta_endpoint_type | meta_ip_mask | meta_mac_address | meta_os_name | meta_os_platform | meta_os_type | meta_os_version | meta_public_ip | meta_query_pack_version | meta_username | calendar_time | counter | epoch | host_identifier | osquery_action | unix_time | customer_id | endpoint_id | upload_size | |-----------------+-------------------+--------------------+----------------------------+-------------+-------------+-------------+-------------------------+-----------------------------------------+-------+-------------+------------------+--------------------------------------+----------------------+----------------+--------------------+------------------------------+--------------------+----------------+-------------------+------------------+---------------------------+-----------------+----------------------+-----------+------------+-------------------+------------------+----------------------+--------------------------------------+--------------------------------------+---------------| | Victim3-EDR | 192.168.100.143 | network_interfaces | 192.168.100.143 | | 0 | 11 | 00:50:56:2a:3a:13 | 255.255.255.0 | 1500 | 0 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-09T12:10:43Z | 0 | 1601805653 | Victim3-EDR | False | 2020-10-09T12:10:43Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 781 | | Victim3-EDR | 192.168.100.143 | network_interfaces | ::1 | | 0 | 1 | | ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff | 0 | 0 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-09T12:10:43Z | 0 | 1601805653 | Victim3-EDR | False | 2020-10-09T12:10:43Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 773 | | Victim3-EDR | 192.168.100.143 | network_interfaces | 127.0.0.1 | | 0 | 1 | | 255.0.0.0 | 0 | 0 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-09T12:10:43Z | 0 | 1601805653 | Victim3-EDR | False | 2020-10-09T12:10:43Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 749 | | Victim3-EDR | 192.168.100.143 | network_interfaces | fe80::5efe:192.168.100.143 | | 0 | 15 | 00:00:00:00:00:00:00:e0 | ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff | 1280 | 0 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-09T12:10:43Z | 0 | 1601805653 | Victim3-EDR | False | 2020-10-09T12:10:43Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 824 | | Victim3-EDR | 192.168.100.143 | network_interfaces | fe80::100:7f:fffe | | 0 | 14 | 00:00:00:00:00:00:00:e0 | ffff:ffff:ffff:ffff:: | 1280 | 0 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-09T12:10:43Z | 0 | 1601805653 | Victim3-EDR | False | 2020-10-09T12:10:43Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 799 | | DESKTOP-RB61UC8 | 192.168.1.173 | network_interfaces | fe80::fc6e:5922:21d5:be56 | | 27449725770 | 3 | 5c:ea:1d:c1:aa:55 | ffff:ffff:ffff:ffff:: | 1500 | 23433316750 | 1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer | 255.255.255.0 | 5c:ea:1d:c1:aa:55 | Microsoft Windows 10 Pro | windows | client | 10.0.19041 | 73.69.54.187 | 1.1.12 | Admin | 2020-10-12T23:06:28Z | 4 | 1602286841 | DESKTOP-RB61UC8 | False | 2020-10-12T23:06:28Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 | 824 | | DESKTOP-RB61UC8 | 192.168.1.173 | network_interfaces | 192.168.1.173 | | 27449726460 | 3 | 5c:ea:1d:c1:aa:55 | 255.255.255.0 | 1500 | 23433317376 | 1601472788 | eface84e-4db6-344f-a89d-90801856834f | computer | 255.255.255.0 | 5c:ea:1d:c1:aa:55 | Microsoft Windows 10 Pro | windows | client | 10.0.19041 | 73.69.54.187 | 1.1.12 | Admin | 2020-10-12T23:06:28Z | 4 | 1602286841 | DESKTOP-RB61UC8 | False | 2020-10-12T23:06:28Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | feca8ee4-d46b-43f4-8ad9-0908816538f4 | 804 | | Victim3-EDR | 192.168.100.143 | network_interfaces | 192.168.100.143 | | 0 | 11 | 00:50:56:2a:3a:13 | 255.255.255.0 | 1500 | 0 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-10T11:16:42Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-10T11:16:42Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 781 | | Victim3-EDR | 192.168.100.143 | network_interfaces | ::1 | | 0 | 1 | | ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff | 0 | 0 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-10T11:16:42Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-10T11:16:42Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 773 | | Victim3-EDR | 192.168.100.143 | network_interfaces | 127.0.0.1 | | 0 | 1 | | 255.0.0.0 | 0 | 0 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-10T11:16:42Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-10T11:16:42Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 749 | | Victim3-EDR | 192.168.100.143 | network_interfaces | fe80::5efe:192.168.100.143 | | 0 | 15 | 00:00:00:00:00:00:00:e0 | ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff | 1280 | 0 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-10T11:16:42Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-10T11:16:42Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 824 | | Victim3-EDR | 192.168.100.143 | network_interfaces | fe80::100:7f:fffe | | 0 | 14 | 00:00:00:00:00:00:00:e0 | ffff:ffff:ffff:ffff:: | 1280 | 0 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-10T11:16:42Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-10T11:16:42Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 799 | | Victim4-Win10 | 192.168.100.162 | network_interfaces | fe80::40ef:fc78:d64a:4516 | | 0 | 5 | 00:50:56:3c:c7:00 | ffff:ffff:ffff:ffff:: | 1500 | 0 | 1601910646 | 2fd10d5e-3267-4476-aa1c-182846a3eac0 | computer | 255.255.255.0 | 00:50:56:3c:c7:00 | Microsoft Windows 10 Pro | windows | client | 10.0.18363 | 73.69.54.187 | 1.1.12 | Admin | 2020-10-08T19:10:11Z | 0 | 1601806909 | Victim4-Win10 | False | 2020-10-08T19:10:11Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | f21dd0e5-2376-4467-aac1-8182643aae0c | 800 |
