osqueryi
  • List the tables
.table
  • To list all the tables with the term user in them
.table user
  • Table schema
.schema users
  • SQL Query Syntax
select gid, uid, description, username, directory from users;

Exploring Installed Programs

select * from programs limit 1;
	
select name, version, install_location, install_date from programs limit 1;

Count

select count(*) from programs;

WHERE Clause

SELECT * FROM users WHERE username='James';

JOIN Function

select p.pid, p.name, p.path, u.username from processes p JOIN users u on u.uid=p.uid LIMIT 10;