Hi Team, I want to get the session time or the time when users log in and log out of a system. Is there a way to fetch that using osquery ? I see a logon_sessions table that has login time but does not have logoff time or session duration.

Hey Priya, you can get logon/logoff session information by looking into the windows_events table. Events 4624 and 4647 should have the data you need.