Tables
Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.
Apple
Linux
Windows
ChromeOS
system_extensions
system_extensions
macOS (>= 10.15) system extension table.
| Column | Type | Description |
|---|---|---|
| UUID | text | Extension unique id |
| bundle_path | text | System extension bundle path |
| category | text | System extension category |
| identifier | text | Identifier name |
| mdm_managed | integer | 1 if managed by MDM system extension payload configuration, 0 otherwise |
| path | text | Original path of system extension |
| state | text | System extension state |
| team | text | Signing team ID |
| version | text | System extension version |
Example
Identify the signature status of system extensions not managed via MDM:
SELECT se.identifier, se.bundle_path, se.category, se.state, s.signed FROM system_extensions se JOIN signature s on s.path = se.bundle_path WHERE se.mdm_managed='0';Perform a health check on a Jamf Protect installation:
SELECT 1
WHERE
(EXISTS (SELECT 1 FROM processes WHERE name = 'JamfProtectAgent') OR ( SELECT total_seconds FROM uptime ) <= 300 )
AND EXISTS (SELECT 1 FROM system_extensions WHERE identifier = 'com.jamf.protect.security-extension')
AND EXISTS (SELECT 1 FROM apps WHERE path = '/Applications/JamfProtect.app');
Edit page
Ask us anything
Questions?
SOC2 Type 2
© 2025 Fleet Inc.
Privacy
