osquery_packs

Information about the current query packs that are loaded in osquery.

Platform support

Please be aware that some queries can only be run against certain platforms. The platforms that support this table are listed below. Zercurity will automatically pause queries from running if errors are detected. Running a query against an unsupported platform will result in the following error: no such table: osquery_packs

  • Windows
  • Linux
  • Mac OSX
  • FreeBSD

Table schema

Name                   Type      Description
name                   TEXT      The given name for this query pack
platform               TEXT      Platforms this query is supported on
version                TEXT      Minimum osquery version that this query will run on
shard                  INTEGER   Shard restriction limit, 1-100, 0 meaning no restriction
discovery_cache_hits   INTEGER   The number of times that the discovery query used cached values since the last time the config was reloaded
discovery_executions   INTEGER   The number of times that the discovery queries have been executed since the last time the config was reloaded
active                 INTEGER   Whether this pack is active (the version, platform and discovery queries match) yes=1, no=0

Query examples

Select all the results for the given table.

SELECT * FROM osquery_packs;
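
List the packs that are loaded but not running on this host. This is an added example, not part of the original page. It uses only the columns in the schema above to surface detection-coverage gaps: a pack that is loaded but inactive is not collecting any data on this host. The output column names (state, shard_limit) are chosen here for illustration.

```sql
-- Packs loaded on this host, inactive ones first.
-- active = 0 means the version, platform or discovery queries did not match,
-- so none of the pack's queries are being scheduled here.
SELECT
  name,
  CASE active WHEN 1 THEN 'active' ELSE 'inactive' END AS state,
  platform,                 -- platforms the pack is restricted to
  version,                  -- minimum osquery version the pack requires
  CASE
    WHEN shard = 0 THEN 'no restriction'
    ELSE 'limit ' || shard  -- 1-100 shard restriction limit
  END AS shard_limit,
  discovery_executions,     -- discovery runs since the last config reload
  discovery_cache_hits      -- discovery results served from cache since reload
FROM osquery_packs
ORDER BY active ASC, name ASC;
```

For an inactive pack, compare the platform and version columns with the host first; if both match, the remaining condition from the active column's description is the discovery queries.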