We’re launching free support for BYOD Android devices and looking for early feedback. Interested?
Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.
keychain_acls
Applications that have ACL entries in the keychain. NOTE: osquery limits frequent access to keychain files. This limit is controlled by keychain_access_interval flag.
Column | Type | Description |
---|---|---|
authorizations | text | A space delimited set of authorization attributes |
description | text | The description included with the ACL entry |
keychain_path | text | The path of the keychain |
label | text | An optional label tag that may be included with the keychain entry |
path | text | The path of the authorized application |
Identify keychain items with permissions granted to Applications at the system or user level.
SELECT * FROM keychain_acls WHERE path LIKE '/System/Applications/%%' OR path LIKE '/Users/%%/Applications/%%';