Under Review

vulnerability_applocker_ruleset_enforcement_mode

well its a vulnerability need to get descriptions of each of these vulnerabilities into the documentation.

SCHEMA

analysis string JSON object representing the analysis
data string Data content of registry value
key string Name of the key
mtime long time of the most recent registry write
name string Name of the registry value entry
path string Full path to the value
type string Type of the registry value

-- vulnerability_applocker_ruleset_enforcement_mode INFO
SELECT 
   -- Device ID DETAILS
   meta_hostname, meta_ip_address, 

   -- Query Details
   query_name, analysis, data, key, mtime,
   name, path, type,

   -- Decoration 
   meta_boot_time, meta_eid, meta_endpoint_type, 
   meta_ip_mask, meta_mac_address, meta_os_name, meta_os_platform, meta_os_type,
   meta_os_version, meta_public_ip, meta_query_pack_version, meta_username,

   --- Generic
   calendar_time, counter, epoch, host_identifier, numerics
   osquery_action, unix_time,

   -- Data Lake
   customer_id, endpoint_id, upload_size

FROM xdr_data
WHERE query_name = 'vulnerability_applocker_ruleset_enforcement_mode'