osquery_packs

Information about the current query packs that are loaded in osquery.

Platform support

Some queries can only be run on certain platforms. The platforms that support this table are listed below. Zercurity will automatically pause queries from running if errors are detected. Running a query against an unsupported platform results in the following error: no such table: osquery_packs

  • Windows
  • Linux
  • Mac OSX
  • FreeBSD

Table schema

| Name | Type | Description |
|---|---|---|
| name | TEXT | The given name for this query pack |
| platform | TEXT | Platforms this query is supported on |
| version | TEXT | Minimum osquery version that this query will run on |
| shard | INTEGER | Shard restriction limit, 1-100, 0 meaning no restriction |
| discovery_cache_hits | INTEGER | The number of times that the discovery query used cached values since the last time the config was reloaded |
| discovery_executions | INTEGER | The number of times that the discovery queries have been executed since the last time the config was reloaded |
| active | INTEGER | Whether this pack is active (the version, platform and discovery queries match) yes=1, no=0. |

Query examples

Select all the results for the given table.

SELECT * FROM osquery_packs;
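
A more targeted check than the query above, added here as an example rather than taken from the original page: list every pack with its activity state and the number of scheduled queries it contributes, so inactive packs (gaps in monitoring coverage on this host) sort to the top. It assumes osquery's osquery_schedule table and the default pack_<pack name>_<query name> naming of pack queries in it.

```sql
-- Added example: per-pack coverage audit on the local host.
-- Assumption: pack queries are listed in osquery_schedule as
-- pack_<pack name>_<query name> (default pack delimiter "_").
-- Caveat: a pack whose name is a prefix of another pack's name
-- (for example "a" and "a_b") will also count the longer pack's queries.
SELECT
  p.name,
  p.platform,
  p.version,
  p.shard,
  p.active,
  p.discovery_executions,
  p.discovery_cache_hits,
  COUNT(s.name) AS scheduled_queries
FROM osquery_packs AS p
LEFT JOIN osquery_schedule AS s
  -- 'pack_' (5 chars) + pack name + '_' (1 char) is the expected prefix
  ON substr(s.name, 1, length(p.name) + 6) = 'pack_' || p.name || '_'
GROUP BY p.name, p.platform, p.version, p.shard, p.active,
         p.discovery_executions, p.discovery_cache_hits
ORDER BY p.active ASC, p.name ASC;
```

Rows with active = 0 are packs whose version, platform or discovery queries did not match on this host; compare them against the packs you expect to be running.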