Solutions
Device management
Remotely manage, and protect laptops and mobile devices.
Orchestration
Automate tasks across devices, from app installs to scripts.
Software management
Inventory, patch, and manage installed software.
Extend Fleet
Integrate your favorite tools with Fleet.
Customers
Stripe + Fleet
Stripe consolidates multiple tools with Fleet.
Foursquare + Fleet
Foursquare quickly migrates to Fleet for device management.
What people are saying
Stories from the Fleet community.
Pricing
More
Tables
Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.
Apple
Linux
Windows
ChromeOS
ioreg
ioreg
Get values from macOS ioreg command. Columns are input options for the command. They match the ioreg command line tool.
| Column | Type | Description |
|---|---|---|
| c | text | List properties of objects with the given class. |
| d | text | Limit tree to the given depth. |
| fullkey | text | The expanded name of the specific item that describes the value. |
| k | text | List properties of objects with the given key. |
| key | text | A specific item that describes the returned value. |
| n | text | List properties of objects with the given name. |
| p | text | Traverse registry over the given plane (IOService is default). |
| parent | text | The key's parent. |
| query | text | The query is printed in this column. |
| r | text | Show subtrees rooted by the given criteria. |
| value | text | The value for the specified key. |
Example
Find HID Device Protocol data:
WITH protocols as (
SELECT
MAX (case WHEN key = "USB Address" THEN value END) as usb_address,
MAX (case WHEN key = "bDeviceProtocol" THEN value END) as protocol
from ioreg where r=true and c="IOUSBDevice" group by parent
)
SELECT * FROM usb_devices join protocols using (usb_address)Notes
This table is not a core osquery table. It is included as part of fleetd, the osquery manager from Fleet. Code based on work by Kolide.
Questions?
SOC2 Type 2
