Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

How far does the Fleet schema diverge from that in the base osquery schema? For example, should I expect all of stock osquery to be available in Fleet, but with some extra Fleet goodness?

Greetings <@UC1Q8CTSL>,
Fleet supports all of osquery's schema plus additional extended tables if using the fleetd agent (or own custom extensions).
<https://fleetdm.com/tables/> - currently 325 tables
<https://osquery.io/schema/> - currently 277 tables

For documentation purposes, is there an easy way to delineate which tables are exclusive to Fleet?

Do not think Fleet displays specific `fleetd` extension tables <@UC1Q8CTSL>.
Fleet is open source and can find our schema in a <https://github.com/fleetdm/fleet/blob/main/schema/osquery_fleet_schema.json|handy JSON> (this is what populates the site).

Ran some `jq`, and believe there might be some overlap but it is a good start   -
`jq '.[] | select(.notes | index("This table is not a core osquery")) | .name' osquery_fleet_schema.json`

To get the fleetd list of _extended tables_
```"apfs_physical_stores"
"apfs_volumes"
"app_icons"
"authdb"
"cis_audit"
"corestorage_logical_volume_families"
"corestorage_logical_volumes"
"cryptoinfo"
"cryptsetup_status"
"csrutil_info"
"dscl"
"falcon_kernel_check"
"falconctl_options"
"file_lines"
"filevault_prk"
"filevault_status"
"filevault_users"
"find_cmd"
"firefox_preferences"
"firmware_eficheck_integrity_check"
"firmwarepasswd"
"geolocation"
"google_chrome_profiles"
"icloud_private_relay"
"ioreg"
"macadmins_unified_log"
"macos_profiles"
"macos_rsr"
"mdm"
"mdm_bridge"
"munki_info"
"munki_installs"
"network_interfaces"
"nvram_info"
"orbit_info"
"parse_ini"
"parse_json"
"parse_jsonl"
"parse_xml"
"pmset"
"privacy_preferences"
"puppet_info"
"puppet_logs"
"puppet_state"
"pwd_policy"
"sntp_request"
"software_update"
"sudo_info"
"system_info"
"system_state"
"user_login_settings"
"windows_updates"```


So that JSON file is the conical schema for Fleet?

In a way, somewhat, maybe could think of it that way.
The first step in generating that JSON is pulling directly from the osquery repository. Then the Fleet extension tables, examples, and other keys are added.