Solutions
Device management
Remotely manage, and protect laptops and mobile devices.
Orchestration
Automate tasks across devices, from app installs to scripts.
Software management
Inventory, patch, and manage installed software.
Infrastructure as code
See every change, undo any error, repeat every success.
Extend Fleet
Integrate your favorite tools with Fleet.
Customers
Pricing
More
Device management
Remotely manage, and protect laptops and mobile devices.
Orchestration
Automate tasks across devices, from app installs to scripts.
Software management
Inventory, patch, and manage installed software.
Infrastructure as code
See every change, undo any error, repeat every success.
Extend Fleet
Integrate your favorite tools with Fleet.
Tables
Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.
Apple
Linux
Windows
ChromeOS
carves
carves
List the set of completed and in-progress carves. If carve=1 then the query is treated as a new carve request.
| Column | Type | Description |
|---|---|---|
| carve | integer | Set this value to '1' to start a file carve |
| carve_guid | text | Identifying value of the carve session |
| path | text | The path of the requested carve |
| request_id | text | Identifying value of the carve request (e.g., scheduled query name, distributed request, etc) |
| sha256 | text | A SHA256 sum of the carved archive |
| size | bigint | Size in bytes of the carved archive |
| status | text | Status of the carve, can be STARTING, PENDING, SUCCESS, or FAILED |
| time | bigint | Time at which the carve was kicked off |
Example
select * from carves where path like '/Users/%/Downloads/%' and carve=1Questions?
SOC2 Type 2
