Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
r
R0n
01/23/2019, 7:11 PMSELECT * FROM file WHERE filename LIKE "%example%"f
fritz
01/24/2019, 7:17 PMHey @R0n it looks like you probably already read the Spotlight article (based on your reference of the "file table" blog artlce), but in case you haven't, it discusses how to search for files on macOS using mdfind as Zach suggested:
https://blog.kolide.com/spotlight-search-across-every-mac-in-your-fleet-with-osquery-55789c765986
SELECT f.path FROM file AS f
JOIN mdfind ON mdfind.path = f.path
AND mdfind.query = "kMDItemFSName == '*backup*'"r
R0n
01/25/2019, 2:43 PMthis would work for Mac, i was looking into windows hosts. I had to be more specific to get the file list from the folder i specified in the query.