# windows
Hi all, I have 2 queries regarding the following osquery tables:

• Regarding the `windows_crashes` table: When an application crashes during the login session of user A and I access the table from the same user A, I can read this data. But when I try to access the data from this user: `nt authority\system` (this is the local system account that has unrestricted access to all local system resources), I am not able to fetch data from this table. I am able to fetch data from all other tables using this account/user. Is there a way I can access the data in this table using this account/user only?

• Regarding the `background_activities_moderator` table: When an application has not been running for a long time, the data for that application/process is not available in this table. If we close the application now, the data is available after a few hours but not after a long time. The use-case is to fetch the last access time of an application (even if it was last used a few days back). Or is there some other way to fetch this metric using osquery?

It would be helpful if I could get some insights on the above queries. Thanks.