Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

on a macOS system I'd like to be able to interrogate a .info file (application configuration file) to ensure a given value is set; the file itself is JSON, so I was hoping the `augeas` table may be used for this purpose, however it appears the path `/Library/Application\ Support/$APPNAME/LogsEx/product.info` cannot be loaded using augeas, I'm going to experiment further however if anyone is aware of how to interrogate a JSON file on disk for a given value using osquery already, the information would be greatly appreciated.

If you can't make progress with augeas, there's always `yara`.

<@U041WKWUATU> thank you! I've now been able to propose SQL similar to the following:

```select * from yara where path = '/Library/Application Support/$APPNAME/LogsEx/product.info' and sigrule = 'rule my_rule {strings: $notallowedbylicense = "notAllowedByLicense" condition: $notallowedbylicense }}'```
Demonstrating that through this yara table can be used to effect the passed sigrule yara rule,

This appears to be working well and delivered the intended functionality.