Process and socket auditing with osquery Linux process auditing Linux socket auditing Troubleshooting Auditing on Linux User events macOS process auditing osquery events optim...
Writing a test Building a test All commits to osquery should be well unit-tested. Having tests is useful for many reasons. In addition to the subtle advantage of being able to a...
Example: Filesystem config Using the plugin For details on how osqueryd schedules queries and loads information from a config, see the configuration deployment guide. You may...
Installing osquery Running osquery A 'universal' Linux package can be created for each package distribution system. These packages contain the osquery daemon, shell, example con...
SQL as understood by osquery Shell help Your first query Tables with arguments SQL additions Table and column name deprecations Everything in SQL! It may seem weird at firs...
Flagfile Configuration control flags Daemon control flags Backing storage control flags Extensions control flags Remote settings flags (optional) Daemon runtime control flags...
Example FIM Config Sample Event Output Tuning Linux inotify limits Example sysctl.conf modifications File Accesses Process File Accesses on macOS File integrity monitoring (...
Logger plugins Status logs Results logs Differential logs Snapshot logs Logging as a Kafka producer. Configuration Schedule results Event format Snapshot format Batch form...