osquery_packs
Information about the current query packs that are loaded in osquery.
Platform support
Some queries can only be run against certain platforms. The platforms that support this query are listed below. Zercurity will automatically pause queries from running if errors are detected. Running a query against an unsupported platform will result in the following error: no such table: osquery_packs
- Windows
- Linux
- Mac OSX
- FreeBSD
Table schema
Name | Type | Description |
---|---|---|
name | TEXT | The given name for this query pack |
platform | TEXT | Platforms this query is supported on |
version | TEXT | Minimum osquery version that this query will run on |
shard | INTEGER | Shard restriction limit, 1-100, 0 meaning no restriction |
discovery_cache_hits | INTEGER | The number of times that the discovery query used cached values since the last time the config was reloaded |
discovery_executions | INTEGER | The number of times that the discovery queries have been executed since the last time the config was reloaded |
active | INTEGER | Whether this pack is active (the version, platform and discovery queries match) yes=1, no=0. |
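
The following query is an added example, not part of the original page or of Zercurity's own queries: it lists every loaded pack with the inactive ones first, so a pack that is silently not running on a host stands out. It assumes the osquery_info table and its version and build_platform columns, which this page does not describe.

```sql
-- Added example: audit which loaded packs are actually scheduled on this host.
-- Assumption: osquery_info (columns version, build_platform) is not documented
-- on this page; it returns a single row and is joined only to show the running
-- agent's version and platform beside each pack's requirements.
SELECT
  p.name,
  CASE p.active WHEN 1 THEN 'active' ELSE 'inactive' END AS state,
  p.platform       AS pack_platform,
  i.build_platform AS host_platform,
  p.version        AS pack_min_version,
  i.version        AS host_version,
  -- shard = 0 means no restriction; otherwise show the 1-100 limit as stored
  CASE p.shard WHEN 0 THEN 'no restriction' ELSE CAST(p.shard AS TEXT) END AS shard_limit,
  p.discovery_executions,
  p.discovery_cache_hits
FROM osquery_packs AS p
CROSS JOIN osquery_info AS i
ORDER BY p.active ASC, p.name ASC;
```

For a row reported as inactive, compare the pack and host columns: per the schema above, a pack is active only when the version, platform and discovery queries all match.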