fleet/schema/tables/package_install_history.yml
Brock Walters c9ebab7cac
Update package_install_history.yml (#19635)
Update package_install_history per #16993
2024-06-11 11:56:22 -04:00

name: package_install_history
description: The `package_install_history` table provides a detailed log of all packages installed on macOS.
examples: |-
  Basic query:
  ```
  SELECT name,package_id,version,source,datetime(time,'unixepoch') AS install_time FROM package_install_history WHERE install_time >= datetime('now','-7 days');
  ```
  This query fetches the following data for a macOS package:
  - Name
  - Package ID
  - Version
  - Source
  - Install time
  The `WHERE` clause filters the results to show only packages installed in the past 7 days.
notes: |-
  Monitoring the macOS package install history is useful for:
  - Regularly checking for newly installed packages and identifying suspicious software
  - Verifying that only approved packages are installed
  - Creating a Fleet policy to receive alerts for any unauthorized or vulnerable installations
  Apple's [installer package documentation](https://developer.apple.com/documentation/xcode/packaging-mac-software-for-distribution)
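
  Added example (not part of the original file): one way to write the Fleet policy mentioned in the notes above, using this table's `package_id`, `time`, `name`, `version` and `source` columns. The approved package IDs are constructed placeholders, and the 7-day window is an assumption carried over from the basic query.

  ```sql
  -- Policy query. In Fleet, a host passes a policy when the query returns
  -- at least one row and fails when it returns none, so the check is
  -- wrapped in NOT EXISTS: a row comes back only if nothing unapproved
  -- was installed in the window.
  SELECT 1
  WHERE NOT EXISTS (
    SELECT 1
    FROM package_install_history
    -- Compare the raw epoch integer so the filter does not depend on
    -- string comparison of formatted dates.
    WHERE time >= CAST(strftime('%s', 'now', '-7 days') AS INTEGER)
      -- Constructed placeholder IDs: replace with your approved list.
      AND package_id NOT IN (
        'com.example.approved.agent',
        'com.example.approved.vpn'
      )
  );

  -- Follow-up query to run on hosts that fail the policy: list the
  -- installs that caused the failure, newest first.
  -- Note: package_id is declared by the package itself, so a match
  -- against the approved list is a signal, not proof of origin.
  SELECT
    name,
    package_id,
    version,
    source,
    datetime(time, 'unixepoch') AS install_time
  FROM package_install_history
  WHERE time >= CAST(strftime('%s', 'now', '-7 days') AS INTEGER)
    AND package_id NOT IN (
      'com.example.approved.agent',
      'com.example.approved.vpn'
    )
  ORDER BY time DESC;
  ```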