    osqueryi

- List the tables

    .table

- To list all the tables with the term "user" in them

    .table user

- Table schema

    .schema users

- SQL Query Syntax

    select gid, uid, description, username, directory from users;

Exploring Installed Programs

    select * from programs limit 1;
    select name, version, install_location, install_date from programs limit 1;

Count

    select count(*) from programs;

WHERE Clause

    SELECT * FROM users WHERE username='James';

JOIN Function

    select p.pid, p.name, p.path, u.username from processes p JOIN users u on u.uid=p.uid LIMIT 10;