Fleet logo
Menu An icon indicating that interacting with this button will open the navigation menu.
Fleet logo An 'X' icon indicating that this can be interacted with to close the navigation menu.
Multi platform
Device management + MDM Orchestration + monitoring Software management + CVEs, usage, app library Integrations
Docs
Stories
News Ask around Meetups Schedule a demo Share your story COMPANY The handbook Testimonials
Pricing Try it yourself

Tables

Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.

macOS Apple

Linux Linux

Windows Windows

Chrome ChromeOS

security_profile_info

click to open the table of contents
Windows logo

security​_profile​_info

Information on the security profile of a given system by listing the system Account and Audit Policies. This table mimics the exported securitypolicy output from the secedit tool.

Column Type Description
audit_account_logon integer Determines whether the operating system MUST audit each time this computer validates the credentials of an account
audit_account_manage integer Determines whether the operating system MUST audit each event of account management on a computer
audit_ds_access integer Determines whether the operating system MUST audit each instance of user attempts to access an Active Directory object that has its own system access control list (SACL) specified
audit_logon_events integer Determines whether the operating system MUST audit each instance of a user attempt to log on or log off this computer
audit_object_access integer Determines whether the operating system MUST audit each instance of user attempts to access a non-Active Directory object that has its own SACL specified
audit_policy_change integer Determines whether the operating system MUST audit each instance of user attempts to change user rights assignment policy, audit policy, account policy, or trust policy
audit_privilege_use integer Determines whether the operating system MUST audit each instance of user attempts to exercise a user right
audit_process_tracking integer Determines whether the operating system MUST audit process-related events
audit_system_events integer Determines whether the operating system MUST audit System Change, System Startup, System Shutdown, Authentication Component Load, and Loss or Excess of Security events
clear_text_password integer Determines whether passwords MUST be stored by using reversible encryption
enable_admin_account integer Determines whether the Administrator account on the local computer is enabled
enable_guest_account integer Determines whether the Guest account on the local computer is enabled
force_logoff_when_expire integer Determines whether SMB client sessions with the SMB server will be forcibly disconnected when the client's logon hours expire
lockout_bad_count integer Number of failed logon attempts after which a user account MUST be locked out
logon_to_change_password integer Determines if logon session is required to change the password
lsa_anonymous_name_lookup integer Determines if an anonymous user is allowed to query the local LSA policy
maximum_password_age integer Determines the maximum number of days that a password can be used before the client requires the user to change it
minimum_password_age integer Determines the minimum number of days that a password must be used before the user can change it
minimum_password_length integer Determines the least number of characters that can make up a password for a user account
new_administrator_name text Determines the name of the Administrator account on the local computer
new_guest_name text Determines the name of the Guest account on the local computer
password_complexity integer Determines whether passwords must meet a series of strong-password guidelines
password_history_size integer Number of unique new passwords that must be associated with a user account before an old password can be reused
Edit page

Questions?

Ask us anything
{{table.title}} evented table