Tables

Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.

Apple

Linux

Windows

ChromeOS

system_extensions

macOS (>= 10.15) system extension table.

Column	Type	Description
UUID	text	Extension unique id
bundle_path	text	System extension bundle path
category	text	System extension category
identifier	text	Identifier name
mdm_managed	integer	1 if managed by MDM system extension payload configuration, 0 otherwise
path	text	Original path of system extension
state	text	System extension state
team	text	Signing team ID
version	text	System extension version

Example

Identify the signature status of system extensions not managed via MDM:

SELECT se.identifier, se.bundle_path, se.category, se.state, s.signed FROM system_extensions se JOIN signature s on s.path = se.bundle_path WHERE se.mdm_managed='0';

Perform a health check on a Jamf Protect installation:

SELECT 1 
WHERE 
  (EXISTS (SELECT 1 FROM processes WHERE name = 'JamfProtectAgent') OR ( SELECT total_seconds FROM uptime ) <= 300 )
  AND EXISTS (SELECT 1 FROM system_extensions WHERE identifier = 'com.jamf.protect.security-extension')
  AND EXISTS (SELECT 1 FROM apps WHERE path = '/Applications/JamfProtect.app');

Edit page

Questions?

Ask us anything

Solutions Device management Orchestration Software management Integrations Pricing

Documentation Support Docs API Release notes Get your license

Company About Trust Jobs Logos/artwork Why open source?

SOC2 Type 2