Tables

Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.

Apple

Linux

Windows

ChromeOS

windows_firewall_rules

Provides the list of Windows firewall rules.

Column	Type	Description
action	text	Action for the rule or default setting
app_name	text	Friendly name of the application to which the rule applies
direction	text	Direction of traffic for which the rule applies
enabled	integer	1 if the rule is enabled
grouping	text	Group to which an individual rule belongs
icmp_types_codes	text	ICMP types and codes for the rule
local_addresses	text	Local addresses for the rule
local_ports	text	Local ports for the rule
name	text	Friendly name of the rule
profile_domain	integer	1 if the rule profile type is domain
profile_private	integer	1 if the rule profile type is private
profile_public	integer	1 if the rule profile type is public
protocol	text	IP protocol of the rule
remote_addresses	text	Remote addresses for the rule
remote_ports	text	Remote ports for the rule
service_name	text	Service name property of the application

Example

Controlling inbound access to remote services is essential for maintaining security on a system. This query lists all enabled Windows Firewall rules that allow inbound RDP, WinRM & VNC connections on the public firewall profile.

SELECT name,app_name,local_ports FROM windows_firewall_rules WHERE enabled = 1 AND direction = "In" AND remote_addresses="*" AND profile_public = 1 AND action = "Allow" AND local_ports IN ("3389","5985","5986","5900");