osquery logo


Expose the operating system as a relational database (project of Linux Foundation)
+ 1

What is osquery?

osquery exposes an operating system as a high-performance relational database. This allows you to write SQL-based queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.
osquery is a tool in the Desktop Querying Tools category of a tech stack.
osquery is an open source tool with GitHub stars and GitHub forks. Here’s a link to osquery's open source repository on GitHub

Who uses osquery?

3 companies reportedly use osquery in their tech stacks, including Passbase, Wuha, and MistNet.

23 developers on StackShare have stated that they use osquery.

osquery Alternatives & Comparisons

What are some alternatives to osquery?
It is a free, open-source host-based intrusion detection system. It performs log analysis, integrity checking, registry monitoring, rootkit detection, time-based alerting, and active response.
It is the acronym for three open source projects: Elasticsearch, Logstash, and Kibana. Elasticsearch is a search and analytics engine. Logstash is a server‑side data processing pipeline that ingests data from multiple sources simultaneously, transforms it, and then sends it to a "stash" like Elasticsearch. Kibana lets users visualize data with charts and graphs in Elasticsearch.
Prometheus is a systems and service monitoring system. It collects metrics from configured targets at given intervals, evaluates rule expressions, displays the results, and can trigger alerts if some condition is observed to be true.
It is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance.
Sysdig is open source, system-level exploration: capture system state and activity from a running Linux instance, then save, filter and analyze. Sysdig is scriptable in Lua and includes a command line interface and a powerful interactive UI, csysdig, that runs in your terminal. Think of sysdig as strace + tcpdump + htop + iftop + lsof + awesome sauce. With state of the art container visibility on top.
See all alternatives

osquery's Followers
62 developers follow osquery to keep up with related blogs and decisions.