Table: tailscale_device
A Tailscale device is any computer in the Tailnet.
Examples
Basic info
select id, name, addresses, hostname, created, userfrom tailscale_device;
Device count per OS
select os, count(*)from tailscale_devicegroup by osorder by count desc;
Device details of a particular user
select name, id, created, expires, hostnamefrom tailscale_device dwhere d.user = 'luis@turbot.com'order by d.name;
Unauthorized devices
select name, id, created, expires, hostnamefrom tailscale.tailscale_device dwhere d.authorized = false;
Devices without tags
select name, id, hostnamefrom tailscale_devicewhere tags is null;
Devices that block incoming connections
select name, id, os, user, created, tailnet_namefrom tailscale_devicewhere blocks_incoming_connections;
External devices
select name, id, os, user, created, tailnet_namefrom tailscale_devicewhere is_external;
Devices that have been inactive for the last 90 days
select name, id, os, user, created, tailnet_name, last_seenfrom tailscale_devicewhere last_seen <= (now() - interval '90' day);
Devices that will expire in the next 90 days
select name, id, os, user, created, tailnet_name, expiresfrom tailscale_devicewhere expires <= (now() + interval '90' day);
Devices running on older Tailscale client versions
select name, id, os, user, created, tailnet_namefrom tailscale_devicewhere update_available;
Control examples
- security_best_practices_device_authorization_enabled
- security_best_practices_device_node_key_expire
- security_best_practices_device_upgrade_clients_in_timely_manner
- security_best_practices_tailnet_acl_tags_used
.inspect tailscale_device
A Tailscale Device represents the devices under a tailnet.
Name | Type | Description |
---|---|---|
_ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. |
addresses | jsonb | The list of device's IPs. |
authorized | boolean | Whether the device is authorized. |
blocks_incoming_connections | boolean | Whether the device blocks incoming connections. |
client_version | text | Version of the client. |
created | timestamp with time zone | Device creation time. |
device_subnet_routes | jsonb | A list of the device subnet routes. |
expires | timestamp with time zone | Device expiry time. |
hostname | text | Name of the host. |
id | text | An unique identifier of the device. |
is_external | boolean | Whether the device is external. |
key_expiry_disabled | boolean | Whether the key expiration is disabled. |
last_seen | timestamp with time zone | Device last active time. |
machine_key | text | Machine key of the device. |
name | text | The name of the device. |
node_key | text | Node key of the device. |
os | text | OS information of the device. |
tags | jsonb | The tags applied to the device. |
tailnet_name | text | The name of your tailnet. |
title | text | Title of the resource. |
update_available | boolean | Whether an update is available. |
user | text | Name of the owner of the device. |