Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

I know Policies are pretty new, but is there a way to retrieve which hosts are Pass/failing a certain Policy from fleetctl ?

Hi Keith! I will check with the team but I don't think we have such functionality exposed in `fleetctl` .

On a related note: We are currently working on "policy automations", to configure webhooks when fleet detects hosts are failing configured policies.

I got the following from the team:
&gt; `fleetctl get hosts --yaml` returns issues with a count of how many failing policies, but nothing more detailed than that

(The info is available via the API though, use the <https://fleetdm.com/docs/using-fleet/rest-api#list-hosts|List Hosts> endpoint with the `policy_id` and `policy_response` filters.)

After some testing we actually found it's possible :slightly_smiling_face:
`fleetctl get hosts $hostname`
This will list all the information of a host, including the list of passing and failing policies.