Does anyone know if `is active` on the `running apps` table

Question

Does anyone know if `is active` on the `running apps` table is cached <https osquery io schema 5 1 0 running apps>

mikermcneil · Answer

Seeing out of date results when testing from a macOS device

seph · Answer

Gotta check source for this slightly smiling face <https github com osquery osquery blob d2be385d71f401c85872f00d479df8f499164c5a osquery tables system darwin running apps mm L43> Looks like it s whatever the underlying macOS API returns

mikermcneil · Answer

Got it thank you