Performant Endpoint Visibility
osquery allows you to easily ask questions about your Linux, Windows, and OS X infrastructure. Whether your goal is intrusion detection, infrastructure reliability, or compliance, osquery gives you the ability to empower and inform a broad set of organizations within your company.
name FROM listening_ports l, processes p WHERE
osquery gives you the ability to query and log things like running processes,
logged in users, password changes, USB devices, firewall exceptions, listening ports,
You can perform ad-hoc queries or schedule them, and optionally enable FIM and process accounting too.
CentOS, Ubuntu LTS, Windows, and OS X are supported with no dependencies. osquery powers some of the most demanding companies, including Facebook.
Know when critical objects are added, modified or deleted from a system. Use a combination of event streams and polling with set differentials.
You control the roadmap. Developed in the open, by the community, for the community on GitHub.
The interactive query console, osqueryi, gives you a SQL interface to try out new queries and explore your operating system. With the power of a complete SQL language and dozens of useful tables built-in, osqueryi is an invaluable tool when performing incident response, diagnosing a systems operations problem, or troubleshooting a performance issue. Deploy a security tool that also enables developers and administrators.
Performance is a Feature
osquery uses underlying systems APIs, never unsupported kernel hacks. Our build infrastructure ensures that newly introduced code is benchmarked and tested. We perform continuous testing for memory leaks, thread safety, and binary reproducibility on all supported platforms. osquery thanks MacStadium for the macOS build infrastructure; we could not help keep deployments safe without you!