Solutions
Device management
Remotely manage, and protect laptops and mobile devices.
Orchestration
Automate tasks across devices, from app installs to scripts.
Software management
Inventory, patch, and manage installed software.
Infrastructure as code
See every change, undo any error, repeat every success.
Extend Fleet
Integrate your favorite tools with Fleet.
Customers
Pricing
More
Device management
Remotely manage, and protect laptops and mobile devices.
Orchestration
Automate tasks across devices, from app installs to scripts.
Software management
Inventory, patch, and manage installed software.
Infrastructure as code
See every change, undo any error, repeat every success.
Extend Fleet
Integrate your favorite tools with Fleet.
Tables
Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.
Apple
Linux
Windows
ChromeOS
powershell_events
powershell_events EVENTED TABLE
Powershell script blocks reconstructed to their full script content, this table requires script block logging to be enabled.
| Column | Type | Description |
|---|---|---|
| cosine_similarity | double | How similar the Powershell script is to a provided 'normal' character frequency |
| datetime | text | System time at which the Powershell script event occurred |
| script_block_count | integer | The total number of script blocks for this script |
| script_block_id | text | The unique GUID of the powershell script to which this block belongs |
| script_name | text | The name of the Powershell script |
| script_path | text | The path for the Powershell script |
| script_text | text | The text content of the Powershell script |
| time | bigint | Timestamp the event was received by the osquery event publisher |
Example
select * from powershell_events where cosine_similarity < 0.25;Questions?
SOC2 Type 2
