Performant Endpoint Visibility

osquery allows you to easily ask questions about your Linux and OSX infrastructure. Whether your goal is intrusion detection, infrastructure reliability, or compliance, osquery gives you the ability to empower and inform a broad set of organizations within your company.

Read the deployment guide or start contributing!

osquery> SELECT uid, name FROM listening_ports l, processes p WHERE l.pid=p.pid;

osquery gives you the ability to query and log things like running processes, logged-in users, password changes, USB devices, firewall exceptions, listening ports, and more.
You can perform ad-hoc queries or schedule them. More details can be found here


Enterprise Ready

CentOS, Ubuntu LTS and OSX are supported with no dependencies. osquery powers some of the most demanding companies, including Facebook.

Differential Changes

Know when critical objects are added, modified or deleted from a system.

Feature Velocity

You control the roadmap. Developed in the open, by the community, for the community.


Interactive SQL

The interactive query console, osqueryi, gives you a SQL interface to try out new queries and explore your operating system. With the power of a complete SQL language and dozens of useful tables built-in, osqueryi is an invaluable tool when performing incident response, diagnosing a systems operations problem, or troubleshooting a performance issue. Deploy a security tool that also enables developers and administrators.

Performance is a Feature

osquery uses underlying systems APIs, never unsupported kernel hacks. Our build infrastructure ensures that newly introduced code is benchmarked and tested.