OSQuery is a sleek, intuitive, and powerful front-end framework for faster and easier operating system instrumentation for Windows, OS X (macOS), Linux, and FreeBSD.
OSQuery exposes an operating system as a high-performance relational database. This allows you to write SQL queries to explore operating system data.
With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.
OSQueries » · Report bug · Request feature · Explore OSQuery docs
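The model described above, as an added example that is not one of this repository's own queries: a threat-hunting style select that lists processes accepting network connections, joins the owning user, and flags any whose executable has been removed from disk. The `processes`, `listening_ports` and `users` tables and their columns are assumed from the standard osquery schema.

```sql
-- Added example, not from this repository: listening processes with their
-- owner, flagging binaries that no longer exist on disk. Assumes the stock
-- osquery tables processes, listening_ports and users.
SELECT
  p.pid,
  p.name,
  p.path,
  u.username,
  -- listening_ports.protocol is numeric (6 = TCP, 17 = UDP)
  CASE lp.protocol
    WHEN 6  THEN 'tcp'
    WHEN 17 THEN 'udp'
    ELSE CAST(lp.protocol AS TEXT)
  END AS proto,
  lp.address,
  lp.port,
  -- processes.on_disk: 1 = present, 0 = deleted, -1 = unknown
  CASE p.on_disk
    WHEN 0  THEN 'binary deleted'
    WHEN -1 THEN 'unknown'
    ELSE 'ok'
  END AS disk_state
FROM listening_ports AS lp
JOIN processes AS p USING (pid)
LEFT JOIN users AS u ON u.uid = p.uid
WHERE lp.port != 0
  -- skip loopback-only listeners; keep wildcard and external binds
  AND lp.address NOT IN ('127.0.0.1', '::1')
ORDER BY p.on_disk ASC, lp.port ASC;
```

Run it from `osqueryi` or schedule it in an osqueryd pack; rows with `disk_state` other than `ok` are the ones worth triaging first.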
Within this repo you'll find the following directories and files, which group common osquery tasks logically alongside other useful documentation and provide both compiled and minified variations of osquery selects. The layout looks like this:
```text
osquery/
└── main/
    ├── osqueries/
    │   ├── asset_info.md
    │   ├── fim.md
    │   ├── threat_hunting.md
    │   └── compliance.md
    ├── docs
    └── issues/
        ├── bug_report.md
        └── feature_request.md
```