Solutions
Device management
Remotely manage, and protect laptops and mobile devices.
Orchestration
Automate tasks across devices, from app installs to scripts.
Software management
Inventory, patch, and manage installed software.
Extend Fleet
Integrate your favorite tools with Fleet.
Customers
Stripe + Fleet
Stripe consolidates multiple tools with Fleet.
Foursquare + Fleet
Foursquare quickly migrates to Fleet for device management.
What people are saying
Stories from the Fleet community.
Pricing
More
Tables
Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.
Apple
Linux
Windows
ChromeOS
ntfs_journal_events
ntfs_journal_events EVENTED TABLE
Track time/action changes to files specified in configuration data.
| Column | Type | Description |
|---|---|---|
| action | text | Change action (Write, Delete, etc) |
| category | text | The category that the event originated from |
| drive_letter | text | The drive letter identifying the source journal |
| eid | text | Event ID Not returned in SELECT * FROM ntfs_journal_events. |
| file_attributes | text | File attributes |
| node_ref_number | text | The ordinal that associates a journal record with a filename |
| old_path | text | Old path (renames only) |
| parent_ref_number | text | The ordinal that associates a journal record with a filename's parent directory |
| partial | bigint | Set to 1 if either path or old_path only contains the file or folder name |
| path | text | Path |
| record_timestamp | text | Journal record timestamp |
| record_usn | text | The update sequence number that identifies the journal record |
| time | bigint | Time of file event |
Questions?
SOC2 Type 2
