Solutions
Device management
Remotely manage, and protect laptops and mobile devices.
Orchestration
Automate tasks across devices, from app installs to scripts.
Software management
Inventory, patch, and manage installed software.
Extend Fleet
Integrate your favorite tools with Fleet.
Customers
Stripe + Fleet
Stripe consolidates multiple tools with Fleet.
Foursquare + Fleet
Foursquare quickly migrates to Fleet for device management.
What people are saying
Stories from the Fleet community.
Pricing
More
Tables
Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.
Apple
Linux
Windows
ChromeOS
disk_events
disk_events EVENTED TABLE
Track DMG disk image events (appearance/disappearance) when opened.
| Column | Type | Description |
|---|---|---|
| action | text | Appear or disappear |
| checksum | text | UDIF Master checksum if available (CRC32) |
| content | text | Disk event content |
| device | text | Disk event BSD name |
| eid | text | Event ID Not returned in SELECT * FROM disk_events. |
| ejectable | integer | 1 if ejectable, 0 if not |
| filesystem | text | Filesystem if available |
| media_name | text | Disk event media name string |
| mountable | integer | 1 if mountable, 0 if not |
| name | text | Disk event name |
| path | text | Path of the DMG file accessed |
| size | bigint | Size of partition in bytes |
| time | bigint | Time of appearance/disappearance in UNIX time |
| uuid | text | UUID of the volume inside DMG if available |
| vendor | text | Disk event vendor string |
| writable | integer | 1 if writable, 0 if not |
Example
This is an evented table, and as such, is more useful if you are sending osquery logs to a SIEM or other centralized destination via Fleet. Events must be enabled. This query will contain the list of all actions related to connecting and removing disks, including SMB drives and USB storage, which can be very useful for investigative purposes.
SELECT * FROM disk_events;Questions?
SOC2 Type 2
