Omitting these system accounts alone will often not be enough, and you may want to exclude additional accounts based on things like their shell (eg.

/usr/bin/false

):

osquery> SELECT uid, username, shell FROM users WHERE SUBSTR(uuid,1,8) != 'FFFFEEEE';
+-----+-----------------+----------------+
| uid | username        | shell          |
+-----+-----------------+----------------+
| 503 | _BGMXPCHelper   | /usr/bin/false | <-----
| 502 | fritz-imac      | /bin/zsh       |
| 501 | kolide-imac-pro | /bin/bash      |
| 504 | macports        | /usr/bin/false | <-----
+-----+-----------------+----------------+