Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

Hello, just for testing purposes, from top of your head, is there some column in osquery tables that typically contains array rather than simple value?

Even dns_server_search_order in table interface_details is stored as text. Weird.

Almost none. Historically, I don’t think osquery did anything that fancy.

The only thing I can think of, is the very recent `windows_search` table which uses json objects for additional data.