A Debian "package", or Debian archive file, contains the executable files, libraries, and documentation associated with a particular program or set of related programs. A Debian archive file normally has a filename that ends in .deb.
NOTE: Linux is not yet in the EAP, so it is unlikely you have any data in the data lake yet.
Schema

| Column | Type | Description |
|---|---|---|
| arch | string | Architecture(s) supported |
| name | string | Name of the deb package |
| revision | string | Package revision |
| version | string | Plugin short version |
```sql
-- deb_packages INFO
SELECT
  -- Device ID DETAILS
  meta_hostname,
  meta_ip_address,
  -- Query Details
  query_name,
  arch,
  name,
  revision,
  version,
  -- Decoration
  meta_boot_time,
  meta_eid,
  meta_endpoint_type,
  meta_ip_mask,
  meta_mac_address,
  meta_os_name,
  meta_os_platform,
  meta_os_type,
  meta_os_version,
  meta_public_ip,
  meta_query_pack_version,
  meta_username,
  -- Generic
  calendar_time,
  counter,
  epoch,
  host_identifier,
  numerics,
  osquery_action,
  unix_time,
  -- Data Lake
  customer_id,
  endpoint_id,
  upload_size
FROM xdr_data
WHERE query_name = 'deb_packages'
```
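As an added example that is not part of this page's own query, the following uses the same columns to count which versions of a single package are present across endpoints, keeping only the most recent observation per endpoint so a host that has since upgraded is counted once. The package name 'openssl' is a placeholder, and the query assumes the data lake's query engine supports window functions.

```sql
-- Added example: fleet inventory of one deb package by version (not from the vendor documentation).
-- 'openssl' is a placeholder package name; substitute the package named in the advisory you are checking.
WITH latest AS (
  SELECT
    meta_hostname,
    endpoint_id,
    name,
    version,
    revision,
    arch,
    calendar_time,
    -- Rank observations per endpoint/package/arch, newest first
    ROW_NUMBER() OVER (
      PARTITION BY endpoint_id, name, arch
      ORDER BY unix_time DESC
    ) AS rn
  FROM xdr_data
  WHERE query_name = 'deb_packages'
    AND name = 'openssl'
)
SELECT
  version,
  revision,
  arch,
  COUNT(*)          AS endpoints,
  MIN(calendar_time) AS earliest_seen
FROM latest
WHERE rn = 1
GROUP BY version, revision, arch
ORDER BY endpoints DESC
```

Debian version strings do not sort lexically (epochs and tilde suffixes change the order), so compare the returned versions against an advisory's fixed version with dpkg's own comparison rules rather than with a SQL string comparison.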