Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

I am trying out swapping from vanilla osquery to building my installer via fleetctl.  I am able to get a mac registered and the mac is checking in.  However I am trying to use one of the fleet specific tables and they don’t seem to be working. Is there something I am missing?

`distributed.cpp:187] Error executing distributed query: fleet_distributed_query_2627: no such table: falcon_kernel_check`

That particular table is only available on Linux.

Ah, I guess I missed that.  Is there any motion to add that to mac / windows?

On a slightly different note, is there a way to use the orbit version of osquery with the additional tables in an interactive manner?  I know how to use osqueryi with the vanilla osquery and am just starting to experiment with the fleet/orbit  version.