Solutions
Device management
Remotely manage, and protect laptops and mobile devices.
Orchestration
Automate tasks across devices, from app installs to scripts.
Software management
Inventory, patch, and manage installed software.
Fleet Gitops
See every change, under any error, repeat every success.
Extend Fleet
Integrate your favorite tools with Fleet.
Customers
Stripe + Fleet
Stripe moved 10,000 Macs to Fleet, saving hundreds of thousands annually.
Fastly + Fleet
Fastly gains visibility into all endpoints and critical infrastructure worldwide.
Foursquare + Fleet
Foursquare quickly migrates to Fleet for device management.
Faire + Fleet
Faire secures Macs with CIS benchmarks and Fleet.
What people are saying
Stories from the Fleet community.
Pricing
More
Device management
Remotely manage, and protect laptops and mobile devices.
Orchestration
Automate tasks across devices, from app installs to scripts.
Software management
Inventory, patch, and manage installed software.
Fleet Gitops
See every change, under any error, repeat every success.
Extend Fleet
Integrate your favorite tools with Fleet.
Stripe + Fleet
Stripe moved 10,000 Macs to Fleet, saving hundreds of thousands annually.
Fastly + Fleet
Fastly gains visibility into all endpoints and critical infrastructure worldwide.
Foursquare + Fleet
Foursquare cut costs and gained 114% ROI with Fleet.
Faire + Fleet
Faire secures Macs with CIS benchmarks and Fleet.
What people are saying
Stories from the Fleet community.
Tables
Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.
Apple
Linux
Windows
ChromeOS
disk_events
disk_events EVENTED TABLE
Track DMG disk image events (appearance/disappearance) when opened.
| Column | Type | Description |
|---|---|---|
| action | text | Appear or disappear |
| checksum | text | UDIF Master checksum if available (CRC32) |
| content | text | Disk event content |
| device | text | Disk event BSD name |
| eid | text | Event ID Not returned in SELECT * FROM disk_events. |
| ejectable | integer | 1 if ejectable, 0 if not |
| filesystem | text | Filesystem if available |
| media_name | text | Disk event media name string |
| mountable | integer | 1 if mountable, 0 if not |
| name | text | Disk event name |
| path | text | Path of the DMG file accessed |
| size | bigint | Size of partition in bytes |
| time | bigint | Time of appearance/disappearance in UNIX time |
| uuid | text | UUID of the volume inside DMG if available |
| vendor | text | Disk event vendor string |
| writable | integer | 1 if writable, 0 if not |
Example
This is an evented table, and as such, is more useful if you are sending osquery logs to a SIEM or other centralized destination via Fleet. Events must be enabled. This query will contain the list of all actions related to connecting and removing disks, including SMB drives and USB storage, which can be very useful for investigative purposes.
SELECT * FROM disk_events;Questions?
SOC2 Type 2
