osquery_info

Top level information about the running version of osquery.

Platform support

Please be aware that some queries can only be run against certain platforms. Below is a list of the supported platforms that this query supports. Zercurity will automatically pause queries from running if errors are detected. Running a query against an unsupported platform will result in the following error: no such table: osquery_info

  • Windows
  • Linux
  • Mac OSX
  • Free BSD

Table schema

Name Type Description
pid INTEGER Process (or thread/handle) ID
uuid TEXT Unique ID provided by the system
instance_id TEXT Unique, long-lived ID per instance of osquery
version TEXT osquery toolkit version
config_hash TEXT Hash of the working configuration state
config_valid INTEGER 1 if the config was loaded and considered valid, else 0
extensions TEXT osquery extensions status
build_platform TEXT osquery toolkit build platform
build_distro TEXT osquery toolkit platform distribution name (os version)
start_time INTEGER UNIX time in seconds when the process started
watcher INTEGER Process (or thread/handle) ID of optional watcher process

Query examples

Select all the results for the given table.

SELECT * FROM osquery_info;