Home
osquery is an operating system instrumentation toolchain for *nix based hosts. osquery makes low-level operating system analytics and monitoring both performant and intuitive.
osquery exposes an operating system as a high-performance relational database. This allows you to write SQL-based queries to explore operating system data.
For more information about the features and capabilities of the osquery toolchain, read the Overview page.
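To make the "operating system as a relational database" idea concrete, here are a few queries of the kind you would type into the interactive osqueryi shell. These are added example queries, not queries from the original page or from the osquery project itself; they assume the standard osquery table schema (processes, listening_ports, users, hash, crontab, osquery_info) and the column names used below, which vary somewhat by platform and osquery version, so confirm them with the `.tables` and `.schema` meta-commands in osqueryi before relying on them.

```sql
-- Assumed schema: osquery_info, listening_ports, processes, users, hash, crontab.
-- Run each statement in osqueryi (or pass it to `osqueryi --json "..."`).

-- Inspect the running osquery instance itself: version, build platform and
-- the hash of the loaded config, which is useful when auditing a deployment.
SELECT version, build_platform, config_hash FROM osquery_info;

-- Every listening TCP socket, joined back to the process that owns it and the
-- user account that process runs as. Three virtual tables, two ordinary joins:
-- this is the relational model the overview describes.
SELECT
  lp.port,
  lp.address,
  p.pid,
  p.name,
  p.path,
  u.username
FROM listening_ports AS lp
JOIN processes AS p ON p.pid = lp.pid
JOIN users AS u ON u.uid = p.uid
WHERE lp.protocol = 6            -- IANA protocol number: 6 = TCP, 17 = UDP
ORDER BY lp.port;

-- A common DFIR triage check: processes whose executable has been removed
-- from disk after launch (on_disk = 0), a frequent trait of dropped malware.
SELECT pid, name, path, cmdline, parent
FROM processes
WHERE on_disk = 0;

-- Hash the binaries of all running processes. The hash table is a generated
-- table that only produces rows for paths it is constrained to, so the path
-- constraint is supplied through the join.
SELECT DISTINCT p.path, h.sha256
FROM processes AS p
JOIN hash AS h ON h.path = p.path
WHERE p.path != '';

-- Cron entries that execute something out of a temporary, world-writable
-- location, a simple persistence check that an analyst would run ad hoc.
SELECT command, minute, hour, path AS crontab_file
FROM crontab
WHERE command LIKE '%/tmp/%' OR command LIKE '%/dev/shm/%';
```

Each of these reads live host state at query time; none of them modify anything, and the same statements can be scheduled in an osqueryd configuration to turn an ad-hoc check into continuous monitoring.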
Getting started with osquery is easy, regardless of whether you'd like to extend osquery or use the pre-built, open-source tools.
If you're interested in installing and using osquery right now, check out the install guide for OS X and Linux.
If you're interested in deploying osquery to provide your organization with deeper insight into your Linux and OS X hosts, check out the deployment guide.
If you're interested in performing ad-hoc operating system analytics, DFIR, etc. then check out the analytics guide.
If you're interested in extending one of the existing osquery products or improving core libraries, read the extensive documentation which can be found on the wiki's right sidebar. You should start with "building the code".
If you're interested in using osquery's functionality in your own tool, check out the public API documentation.
If any part of osquery isn't working as expected, please create a GitHub Issue.
You can find the osquery core team as well as users of the toolchain in #osquery on freenode. Keep up with design decisions and project communication in the Facebook Group.