From e8761c1664f30ea0522dc1281aace5ab2558bad9 Mon Sep 17 00:00:00 2001
From: milkmix
Date: Thu, 25 Oct 2018 21:28:46 +0200
Subject: [PATCH] super simple support for mutexes through winbaseobj in osquery 3.3
---
 misp_modules/modules/export_mod/osqueryexport.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/misp_modules/modules/export_mod/osqueryexport.py b/misp_modules/modules/export_mod/osqueryexport.py
index a1535d8..084762e 100755
--- a/misp_modules/modules/export_mod/osqueryexport.py
+++ b/misp_modules/modules/export_mod/osqueryexport.py
@@ -42,7 +42,7 @@ def handle_regkeyvalue(value):
 return 'SELECT * FROM registry WHERE path LIKE \'%s\' AND data LIKE \'%s\';' % (key, value)
 def handle_mutex(value):
- return 'not implemented yet'
+ return 'SELECT * FROM winbaseobj WHERE object_name LIKE \'%s\';' % value
 def handle_service(value):
 return 'SELECT * FROM services WHERE display_name LIKE \'%s\' OR name like \'%s\';' % (value, value)
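Review bot: The new return line in `handle_mutex` formats the attribute value straight into a single-quoted SQL literal, so a mutex name containing `'` produces a broken or altered osquery statement. Any `%` or `_` in the name is also treated as a LIKE wildcard, which widens the match. The value presumably comes from event data the exporter does not control, so double the quote before formatting, e.g. `return 'SELECT * FROM winbaseobj WHERE object_name LIKE \'%s\';' % value.replace('\'', '\'\'')`. The context lines show the same unescaped pattern in `handle_regkeyvalue` and `handle_service`, so one shared escaping helper used by every handler would be the cleaner fix. A comment noting that the `winbaseobj` table is only available from osquery 3.3 on Windows (per the commit subject) would also help whoever deploys the generated queries.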