Tables
Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.
Apple
Linux
Windows
ChromeOS
shared_resources
shared_resources
Displays shared resources on a computer system running Windows. This may be a disk drive, printer, interprocess communication, or other sharable device.
| Column | Type | Description |
|---|---|---|
| allow_maximum | integer | Number of concurrent users for this resource has been limited. If True, the value in the MaximumAllowed property is ignored. |
| description | text | A textual description of the object |
| install_date | text | Indicates when the object was installed. Lack of a value does not indicate that the object is not installed. |
| maximum_allowed | bigint | Limit on the maximum number of users allowed to use this resource concurrently. The value is only valid if the AllowMaximum property is set to FALSE. |
| name | text | Alias given to a path set up as a share on a computer system running Windows. |
| path | text | Local path of the Windows share. |
| status | text | String that indicates the current status of the object. |
| type | bigint | Type of resource being shared. Types include: disk drives, print queues, interprocess communications (IPC), and general devices. |
| type_name | text | Human readable value for the 'type' column |
Example
Network shares with loose access controls are common places that leak sensitive information. This query looks for shared drives on Windows systems that likely contain sensitive data, by listing all shared folders that have the word backup in their name. This does not include ADMIN$ type shares.
SELECT description,name,path FROM shared_resources WHERE type = 0 and name like '%backup%';Notes
type_nameis a human readable value of the type column. These values can include: "Disk Drive Admin", "IPC Admin", "Disk Drive"
Edit page
Ask us anything
Questions?
SOC2 Type 2
© 2025 Fleet Inc.
Privacy
