Solutions
Device management
Remotely manage, and protect laptops and mobile devices.
Orchestration
Automate tasks across devices, from app installs to scripts.
Software management
Inventory, patch, and manage installed software.
Extend Fleet
Integrate your favorite tools with Fleet.
Customers
Stripe + Fleet
Stripe moved 10,000 Macs to Fleet, saving hundreds of thousands annually
Foursquare + Fleet
Foursquare quickly migrates to Fleet for device management.
Faire + Fleet
Faire secures Macs with CIS benchmarks and Fleet
What people are saying
Stories from the Fleet community.
Pricing
More
Tables
Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.
Apple
Linux
Windows
ChromeOS
yara
yara
Triggers one-off YARA query for files at the specified path. Requires one of sig_group, sigfile, or sigrule.
| Column | Type | Description |
|---|---|---|
| count | integer | Number of YARA matches.
Note that count is a reserved word and should be wrapped in quotes when referencing this column in a query. |
| matches | text | List of YARA matches |
| path | text | The path scanned Required in WHERE clause |
| pid_with_namespace | integer | Pids that contain a namespace Not returned in SELECT * FROM yara.Only available on linux |
| sig_group | text | Signature group used |
| sigfile | text | Signature file used |
| sigrule | text | Signature strings used Not returned in SELECT * FROM yara. |
| sigurl | text | Signature url Not returned in SELECT * FROM yara. |
| strings | text | Matching strings |
| tags | text | Matching tags |
Example
Look for files under /root that match a Yara signature. This example uses the EICAR test file.
SELECT * FROM yara WHERE path like '/root/%%' AND sigrule IN (
'rule eicar {
strings:
$s1 = "X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*" fullword ascii
condition:
all of them
}'
) AND matches='eicar';Questions?
SOC2 Type 2
