osquery is an operating system instrumentation framework for Windows, OS X (macOS), Linux, and FreeBSD. The tools make low-level operating system analytics and monitoring both performant and intuitive.
osquery exposes an operating system as a high-performance relational database. This allows you to write SQL queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.
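The following queries are an added illustration of that model and are not taken from the osquery documentation. They use the real names of osquery's processes, listening_ports, users, hash and kernel_modules tables as they exist on Linux and macOS; the pids, paths and hash values in the comments are hypothetical. Each statement can be pasted into the osqueryi shell as-is.

```sql
-- Added example, not part of the osquery project's own docs.
-- osquery speaks SQLite-flavoured SQL; the tables below are virtual and
-- are populated from the live system when the query runs.

-- 1. Which processes are listening on TCP, and under which account?
--    listening_ports.protocol is the IP protocol number (6 = TCP).
--    Joining processes and users on pid/uid turns raw sockets into
--    "who is exposing what" in one statement.
SELECT p.pid,
       p.name,
       p.path,
       u.username,
       lp.address,
       lp.port
FROM   listening_ports lp
JOIN   processes p ON p.pid = lp.pid
JOIN   users u     ON u.uid = p.uid
WHERE  lp.protocol = 6
ORDER  BY lp.port;

-- 2. Running processes whose executable has been deleted from disk.
--    on_disk = 0 means the image file is gone while the process lives on,
--    a frequent sign of a dropper that removed itself after launch.
SELECT pid, name, path, cmdline, uid
FROM   processes
WHERE  on_disk = 0;

-- 3. SHA-256 of every distinct process image, for comparison against an
--    allow-list or threat-intel feed. The hash table needs a path (or
--    directory) constraint, which the join on processes.path supplies;
--    kernel threads have an empty path and are filtered out.
SELECT DISTINCT p.path, h.sha256
FROM   processes p
JOIN   hash h ON h.path = p.path
WHERE  p.path != '';

-- 4. Loaded kernel modules, with what depends on them (Linux only).
--    An unexpected entry here is worth a second look during triage.
SELECT name, size, used_by, status
FROM   kernel_modules
WHERE  status = 'Live'
ORDER  BY name;
```

The same statements, unchanged, are what you would place in an osqueryd schedule to have them run periodically and have the results logged, which is the workflow the deployment guide covers.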
Getting Started
If you're interested in installing osquery, check out the install guide for Windows, OS X, Linux, and FreeBSD.
If you're interested in deploying osquery to provide your organization with deeper insight into your Linux, FreeBSD, OS X, and Windows hosts, check out the using osqueryd guide; osqueryd is the daemon that runs scheduled queries and logs their results. If you're interested in performing ad-hoc queries and exploring tables interactively, check out using osqueryi, the interactive shell.
If you're interested in extending one of the existing osquery tools or improving core libraries, read the developer documentation pages. You should start with "building the code" and "contributing code".
If you're interested in integrating osquery into your own tool, check out the osquery SDK.
Getting help
If any part of osquery is not working as expected, please create a GitHub Issue. Keep in touch with osquery developers and users in our Slack https://osquery-slack.herokuapp.com/.
If you have long-form questions, please email osquery@fb.com.