does anyone ship custom osquery tables with their fleet installs today? it seems supported but wanted to know if there were any real hairy details

Yup we do and have for a couple of years. Has worked well so far

sweet, awesome to hear! do you happen to do this with only linux or windows/mac too?

Only linux at the moment

same here, Linux only, but it seems to work well - we install them alongside osquery itself, and they are then available for Fleet to query, though of course it doesn’t show the schema of the custom tables because it doesn’t know it

yea that's alright. do either of you use orbit or just manage osquery directly?

We do both. We have a couple thousand where we manage osquery alone as we don't like unscheduled change there and then 10k+ where orbit just takes care of it. It would be nice if we could tell fleet about our custom tables so that the UI querying is a nicer experience.

@Stephan M These tables you ship, do they reset when fleet is restarted?

we do it directly because we already had automation in place

Are these tables added by a plugin/extension to osquery?

In our case we have puppet lay down the extensions. In terms of the reset during a restart, I'm not sure. I wouldn't expect it to because as far as I understand it there is a local DB kept in osquery where these results are kept and that survives a restart but I'm not 100% sure