-
Notifications
You must be signed in to change notification settings - Fork 0
Home
osquery is an operating system instrumentation framework and toolset for *nix based hosts. osquery makes low-level operating system analytics and monitoring both performant and intuitive.
osquery exposes an operating system as a high-performance relational database. This allows you to write SQL-based queries to explore operating system data.
For more information about the features and capabilities of the osquery toolchain, read the overview page.
If you're interested in installing and using osquery right now, check out the install guide for OS X and Linux.
If you're interested in deploying osquery to provide your organization with deeper insight into your Linux and OS X hosts, check out the using osqueryd guide as well as the deployment guide.
If you're interested in performing ad-hoc operating system analytics, DFIR, etc. then check out the using osqueryi guide.
If you're interested in extending one of the existing osquery products or improving core libraries, read the extensive documentation which can be found on the wiki's right sidebar. You should start with "building the code" and "contributing code".
If you're interest in using osquery's functionality in your own tool, check out the public API documentation.
If you any part of osquery isn't working as expected, please create a GitHub Issue.