not in the way you’re asking for it, no. you’d have to run an instance of osqueryd in each vm to perform that kind of data collection.

@marpaia please see my follow up reply for this, thank you

depending on how you configure the namespaces, cgroups, etc. you may be able to identify pid groups or some other unique identifier for processes that are “containers”

ok, thank you for the info sorry for taking your . time