Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.
security_profile_info
Describes the security profile of a given system by listing the system Account and Audit Policies. This table mimics the exported securitypolicy output from the secedit tool.
Column | Type | Description |
---|---|---|
audit_account_logon | integer | Determines whether the operating system MUST audit each time this computer validates the credentials of an account |
audit_account_manage | integer | Determines whether the operating system MUST audit each event of account management on a computer |
audit_ds_access | integer | Determines whether the operating system MUST audit each instance of user attempts to access an Active Directory object that has its own system access control list (SACL) specified |
audit_logon_events | integer | Determines whether the operating system MUST audit each instance of a user attempt to log on or log off this computer |
audit_object_access | integer | Determines whether the operating system MUST audit each instance of user attempts to access a non-Active Directory object that has its own SACL specified |
audit_policy_change | integer | Determines whether the operating system MUST audit each instance of user attempts to change user rights assignment policy, audit policy, account policy, or trust policy |
audit_privilege_use | integer | Determines whether the operating system MUST audit each instance of user attempts to exercise a user right |
audit_process_tracking | integer | Determines whether the operating system MUST audit process-related events |
audit_system_events | integer | Determines whether the operating system MUST audit System Change, System Startup, System Shutdown, Authentication Component Load, and Loss or Excess of Security events |
clear_text_password | integer | Determines whether passwords MUST be stored by using reversible encryption |
enable_admin_account | integer | Determines whether the Administrator account on the local computer is enabled |
enable_guest_account | integer | Determines whether the Guest account on the local computer is enabled |
force_logoff_when_expire | integer | Determines whether SMB client sessions with the SMB server will be forcibly disconnected when the client's logon hours expire |
lockout_bad_count | integer | Number of failed logon attempts after which a user account MUST be locked out |
logon_to_change_password | integer | Determines whether a logon session is required to change the password |
lsa_anonymous_name_lookup | integer | Determines if an anonymous user is allowed to query the local LSA policy |
maximum_password_age | integer | Determines the maximum number of days that a password can be used before the client requires the user to change it |
minimum_password_age | integer | Determines the minimum number of days that a password must be used before the user can change it |
minimum_password_length | integer | Determines the least number of characters that can make up a password for a user account |
new_administrator_name | text | Determines the name of the Administrator account on the local computer |
new_guest_name | text | Determines the name of the Guest account on the local computer |
password_complexity | integer | Determines whether passwords must meet a series of strong-password guidelines |
password_history_size | integer | Number of unique new passwords that must be associated with a user account before an old password can be reused |
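
The query below is an added example, not part of the Fleet or osquery documentation. It returns one row per setting in `security_profile_info` that falls short of a baseline. The thresholds (14 characters, 24 remembered passwords) are illustrative assumptions, and the audit value labels assume the table carries secedit's encoding (0 = none, 1 = success, 2 = failure, 3 = success and failure).

```sql
-- Added example: list settings that fall short of an assumed baseline.
-- An empty result means every check below passed.
WITH p AS (SELECT * FROM security_profile_info)
SELECT 'enable_guest_account' AS setting,
       CAST(enable_guest_account AS TEXT) AS value,
       'Guest account is enabled' AS finding
  FROM p WHERE enable_guest_account = 1
UNION ALL
SELECT 'clear_text_password', CAST(clear_text_password AS TEXT),
       'Passwords are stored using reversible encryption'
  FROM p WHERE clear_text_password = 1
UNION ALL
SELECT 'lsa_anonymous_name_lookup', CAST(lsa_anonymous_name_lookup AS TEXT),
       'Anonymous users can query the local LSA policy'
  FROM p WHERE lsa_anonymous_name_lookup = 1
UNION ALL
-- In secedit exports a bad-count of 0 means accounts are never locked out.
SELECT 'lockout_bad_count', CAST(lockout_bad_count AS TEXT),
       'Account lockout is disabled'
  FROM p WHERE lockout_bad_count = 0
UNION ALL
-- Assumed threshold: 14 characters.
SELECT 'minimum_password_length', CAST(minimum_password_length AS TEXT),
       'Shorter than the assumed minimum of 14 characters'
  FROM p WHERE minimum_password_length < 14
UNION ALL
-- Assumed threshold: 24 remembered passwords.
SELECT 'password_history_size', CAST(password_history_size AS TEXT),
       'Fewer than the assumed 24 remembered passwords'
  FROM p WHERE password_history_size < 24
UNION ALL
-- Audit columns: anything other than 3 leaves success or failure unaudited.
SELECT 'audit_logon_events',
       CASE audit_logon_events WHEN 0 THEN 'none' WHEN 1 THEN 'success only'
            WHEN 2 THEN 'failure only' ELSE CAST(audit_logon_events AS TEXT) END,
       'Logon events are not audited for both success and failure'
  FROM p WHERE audit_logon_events <> 3
UNION ALL
SELECT 'audit_policy_change',
       CASE audit_policy_change WHEN 0 THEN 'none' WHEN 1 THEN 'success only'
            WHEN 2 THEN 'failure only' ELSE CAST(audit_policy_change AS TEXT) END,
       'Policy changes are not audited for both success and failure'
  FROM p WHERE audit_policy_change <> 3;
```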