Tables

Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.

Apple

apps

macOS applications installed in known search paths (e.g., /Applications).

Column	Type	Description
applescript_enabled	text	Info properties NSAppleScriptEnabled label
bundle_executable	text	Info properties CFBundleExecutable label
bundle_identifier	text	Info properties CFBundleIdentifier label
bundle_name	text	Info properties CFBundleName label
bundle_package_type	text	Info properties CFBundlePackageType label
bundle_short_version	text	Info properties CFBundleShortVersionString label
bundle_version	text	Info properties CFBundleVersion label
category	text	The UTI that categorizes the app for the App Store
compiler	text	Info properties DTCompiler label
copyright	text	Info properties NSHumanReadableCopyright label
development_region	text	Info properties CFBundleDevelopmentRegion label
display_name	text	Info properties CFBundleDisplayName label
element	text	Does the app identify as a background agent
environment	text	Application-set environment variables
info_string	text	Info properties CFBundleGetInfoString label
last_opened_time	double	The time that the app was last used
minimum_system_version	text	Minimum version of macOS required for the app to run
name	text	Name of the Name.app folder
path	text	Absolute and full Name.app path

See the last time applications were used. Useful to know if a vulnerable application is being used as well as for licensing purposes.

SELECT *, strftime('%Y-%m-%d %H:%M:%S',last_opened_time,'unixepoch') as LastUseDate FROM apps WHERE last_opened_time!='-1.0';

Edit page

Ask us anything

Multi platform Device management Orchestration Software management Integrations Pricing

Documentation Support Docs API Release notes Get your license

Company About News Jobs Logos/artwork Why open source?

SOC2 Type 2

Tried Fleet yet?

Get started with Fleet