The interactive version of osquery, osqueryi, is a stand-alone console shell. Osquery uses SQL tables to represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events, and file hashes. Your team can write SQL-based queries to explore data across all operating systems and infrastructure. The exciting news for users? With osquery, running queries no longer requires specialized expertise. Osquery simplifies the process of understanding your infrastructure by exposing an operating system as a high-performance relational database.
It delivers a single-agent solution using a universal query language to collect rich datasets for multiple use cases.
Osquery is an operating system instrumentation agent that provides a unique and refreshing approach to security.
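The table model described above, as an added example that is not from the original page: two queries typed into osqueryi that treat sockets, processes and file hashes as joinable tables. It assumes the standard osquery tables `listening_ports`, `processes` and `hash`; column availability can vary slightly by platform.

```sql
-- Added example (not from the original page). Run inside the osqueryi shell.

-- 1. Which process owns each listening socket, and what is the hash of
--    the binary behind it? Three OS concepts joined like ordinary tables.
SELECT
  lp.address,
  lp.port,
  lp.protocol,          -- IP protocol number: 6 = TCP, 17 = UDP
  p.pid,
  p.name,
  p.path,
  h.sha256              -- NULL when the binary cannot be read or has no path
FROM listening_ports AS lp
JOIN processes AS p
  ON p.pid = lp.pid
LEFT JOIN hash AS h
  ON h.path = p.path    -- hash is computed on demand for each joined path
WHERE lp.port != 0      -- drop UNIX domain sockets, which report port 0
ORDER BY lp.port;

-- 2. Running processes whose executable is no longer present on disk.
--    on_disk: 1 = present, 0 = missing, -1 = could not be determined.
SELECT pid, name, path, cmdline
FROM processes
WHERE on_disk = 0;
```

The first query gives an inventory of exposed services that can be compared against an allowlist of expected binaries; the second surfaces processes that keep running after their file was deleted or replaced, which is worth reviewing during triage.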