include/osquery/filesystem.h contains utilities for accessing the filesystem. Consider the following example for reading a file from the filesystem: #include <iostream> #in...

Remote authentication Simple shared secret enrollment TLS client-auth enrollment Remote server API Remote logging buffering Server testing Example projects osquery's remote...

Executing SQL queries Getting help osqueryi is the osquery interactive query console/shell. In this mode, it is completely standalone, does not communicate with a daemon, and d...

Running the shell or daemon in verbose mode Running the daemon in the foreground Checking the config sanity Scheduled query failures and the watchdog Checking the database sani...

The easiest way to install osquery on FreeBSD is via the ports tree. Check FreshPorts for the latest version information. # from ports cd / usr / ports / sysutils / osquery ...

Example: glog logger Using the plugin For details on how osqueryd schedules queries and loads information from a config, see the configuration deployment guide. If you would l...

Query and table usage Architecture Example: inotify Event Subscribers Most of osquery's virtual tables are generated when an SQL statement requests data. For example, the time...

Testing query performance Continuous Build Virtual table blacklist Deployment profiling Wishlist Performance is a core feature of osquery's visibility capability. However, th...

Looking at the logs Case-study: WireLurker An osquery deployment can help you establish an infrastructural baseline, allowing you to detect malicious activity using scheduled qu...

DevOps CDN feature toggles Tools DevOps CDN Akamai AWS CloudFront + S3 cloudflare feature toggles launchdarkly split.io Tools osquery - sql for your devices...