Solutions
Device management
Remotely manage, and protect laptops and mobile devices.
Orchestration
Automate tasks across devices, from app installs to scripts.
Software management
Inventory, patch, and manage installed software.
Extend Fleet
Integrate your favorite tools with Fleet.
Customers
Stripe + Fleet
Stripe consolidates multiple tools with Fleet.
Foursquare + Fleet
Foursquare quickly migrates to Fleet for device management.
What people are saying
Stories from the Fleet community.
Pricing
More
Tables
Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.
Apple
Linux
Windows
ChromeOS
es_process_events
es_process_events EVENTED TABLE
Process execution events from EndpointSecurity.
| Column | Type | Description |
|---|---|---|
| cdhash | text | Codesigning hash of the process |
| child_pid | bigint | Process ID of a child process in case of a fork event |
| cmdline | text | Command line arguments (argv) |
| cmdline_count | bigint | Number of command line arguments |
| codesigning_flags | text | Codesigning flags matching one of these options, in a comma separated list: NOT_VALID, ADHOC, NOT_RUNTIME, INSTALLER. See kern/cs_blobs.h in XNU for descriptions. |
| cwd | text | The process current working directory |
| egid | bigint | Effective Group ID of the process |
| eid | text | Event ID Not returned in SELECT * FROM es_process_events. |
| env | text | Environment variables delimited by spaces |
| env_count | bigint | Number of environment variables |
| euid | bigint | Effective User ID of the process |
| event_type | text | Type of EndpointSecurity event |
| exit_code | integer | Exit code of a process in case of an exit event |
| gid | bigint | Group ID of the process |
| global_seq_num | bigint | Global sequence number |
| original_parent | bigint | Original parent process ID in case of reparenting |
| parent | bigint | Parent process ID |
| parent_pidversion | bigint | The pidversion of the parent process. |
| path | text | Path of executed file |
| pid | bigint | Process (or thread) ID |
| pidversion | bigint | Process ID version |
| platform_binary | integer | Indicates if the binary is Apple signed binary (1) or not (0) |
| responsible_pid | bigint | The pid of the process responsible for this process. |
| responsible_pidversion | bigint | The pidversion of the process responsible for this process. |
| seq_num | bigint | Per event sequence number |
| session_id | bigint | The identifier of the session that contains the process group. |
| signing_id | text | Signature identifier of the process |
| team_id | text | Team identifier of the process |
| time | bigint | Time of execution in UNIX time |
| uid | bigint | User ID of the process |
| username | text | Username |
| version | integer | Version of EndpointSecurity event |
Questions?
SOC2 Type 2
