A public collection of skils created by InTheCyber team members.
Osquery-helper is a skill designed to help users write, validate, and troubleshoot osquery queries, using the provided osquery table schemas as the authoritative reference.
Under the resources/ folder, you will find a single consolidated file containing all osquery table schemas merged together. Each table schema is preceded by the appropriate platform support tag (e.g., Windows, Linux, macOS), indicating where the table is available.
Please note that the osquery schema evolves over time, so it is important to keep this file regularly updated to remain aligned with the latest upstream changes.
| Marker | Platforms |
|---|---|
#darwin |
macOS only |
#linux |
Linux only |
#windows |
Windows only |
#linwin |
Linux and Windows |
#macwin |
macOS and Windows |
#posix |
macOS, Linux, FreeBSD |
#sleuthkit |
macOS, Linux (requires The Sleuth Kit) |
#utility |
Cross-platform utility tables |
#cross-platform |
All supported platforms |