Brief Auto Table Construction docs (#2249)

2026-05-23 08:58:41 +00:00 · 2020-06-30 09:18:50 -07:00 · 2020-06-30 09:18:50 -07:00 · b5b43e7aa7
commit b5b43e7aa7
parent 755f63f8c0
1 changed files with 26 additions and 0 deletions
--- a/docs/cli/file-format.md
+++ b/docs/cli/file-format.md
@ -231,6 +231,32 @@ spec:
          interval:
            3600: "SELECT total_seconds AS uptime FROM uptime"
 ```
+
+### Auto Table Construction
+
+You can use Kolide Fleet to query local SQLite databases as tables. For more information on creating ATC configuration from a SQLite database, see the [Osquery Automatic Table Construction documentation](https://osquery.readthedocs.io/en/stable/deployment/configuration/#automatic-table-construction)
+
+If you already know what your ATC configuration needs to look like, you can add it to an options config file:
+
+```yaml
+apiVersion: v1
+kind: options
+spec:
+  overrides:
+    platforms:
+      darwin:
+        auto_table_construction:
+          tcc_system_entries:
+            query: "select service, client, allowed, prompt_count, last_modified from access"
+            path: "/Library/Application Support/com.apple.TCC/TCC.db"
+            columns:
+              - "service"
+              - "client"
+              - "allowed"
+              - "prompt_count"
+              - "last_modified"
+```
+
 ## Fleet Configuration Options
 The following file describes configuration options applied to the Fleet server.