Cross-Platform Support
Osquery is designed to work on multiple operating systems, including Windows, macOS, and Linux, allowing consistent querying across different environments.
SQL-based Query Language
Allows users to leverage SQL, a familiar and widely-used language, to query and analyze the state of the system like a database.
Open Source
Being an open-source tool, osquery is freely available for modification and distribution, encouraging community collaboration and contributions.
Real-time Monitoring
Supports event-based monitoring, providing the ability to track changes and detect unusual activities as they happen with the osqueryd daemon.
Extensibility
Users can extend osquery with custom plugins and tables, allowing it to meet unique requirements and integrate with other tools.
Security Auditing
Helps in performing security audits by providing insights into system-level activities and configurations, assisting in detecting potential vulnerabilities.
We have collected here some useful links to help you find out if osquery is good.
Check the traffic stats of osquery on SimilarWeb. The key metrics to look for are: monthly visits, average visit duration, pages per visit, and traffic by country. Moreoever, check the traffic sources. For example "Direct" traffic is a good sign.
Check the "Domain Rating" of osquery on Ahrefs. The domain rating is a measure of the strength of a website's backlink profile on a scale from 0 to 100. It shows the strength of osquery's backlink profile compared to the other websites. In most cases a domain rating of 60+ is considered good and 70+ is considered very good.
Check the "Domain Authority" of osquery on MOZ. A website's domain authority (DA) is a search engine ranking score that predicts how well a website will rank on search engine result pages (SERPs). It is based on a 100-point logarithmic scale, with higher scores corresponding to a greater likelihood of ranking. This is another useful metric to check if a website is good.
The latest comments about osquery on Reddit. This can help you find out how popualr the product is and what people think about it.
Cool project, I wish we had more GUIs for these OS functions. How was your experience with GTK4 and Rust? And it's a bit sad that in the year of our lord 2025, the best way to get such fundamental information is by using regexes to parse a table[1], generated by a 6000-line C program[2], which is verified by (I hope I'm wrong!) a tiny test suite[3]. OSQuery[4] is also pretty cool, but it builds upon this fragile... - Source: Hacker News / 8 months ago
Thatโs where osquery_hunter comes in โ a simple Python-based helper that uses osquery to collect process and network data, then flags unsigned or suspicious binaries for rapid triage. - Source: dev.to / 9 months ago
The open source projects Fastly uses and the foundations we partner with are vital to Fastlyโs mission and success. Here's an unscientific list of projects and organizations supported by the Linux Foundation that we use and love include: The Linux Kernel, Kubernetes, containerd, eBPF, Falco, OpenAPI Initiative, ESLint, Express, Fastify, Lodash, Mocha, Node.js, Prometheus, Jenkins, OpenTelemetry, Envoy, etcd, Helm,... - Source: dev.to / about 2 years ago
The largest we have successfully deployed is on the OSQuery schema https://osquery.io/ which is 277 tables and lots of business context (malwares, vulnerabilities, Windows registry keys, etc). - Source: Hacker News / over 2 years ago
From a self hosted standpoint OSQuery or Wazuh are your best bets for monitoring USB devices. Windows makes blocking really challenging and Iโm not aware of any โfreeโ solutions that attempt it. Source: about 3 years ago
Configure auditd to monitor host activity: https://izyknows.medium.com/linux-auditd-for-threat-detection-d06c8b941505 or osquery: https://osquery.io/ (or similar software: filebeat for example). Source: about 3 years ago
OS Query : Easily ask questions about your Linux, Windows, and macOS infrastructure. - Source: dev.to / over 3 years ago
Osquery + Fleet. https://osquery.io/ https://fleetdm.com/, using the two allows you to build a query to answer what ever questions you (or an auditor) might have about your environment. Source: over 3 years ago
May be you can take a look into osquery (never used, but interested on it because I think it provides this kind of information). Source: over 3 years ago
Seems like the next step past https://osquery.io/. - Source: Hacker News / almost 4 years ago
Exactly! https://osquery.io is one example that. - Source: Hacker News / almost 4 years ago
Osquery, with or without fleetdm or kolide. Source: about 4 years ago
As u/dewyke OS Query may do what you need - https://osquery.io/. Source: about 4 years ago
I would recommend looking at OSQuery. Source: over 4 years ago
Hey all,- I'm the co-author of this osquery field guide for log4j defenders over on TNS. Happy to answer any questions. If you're not familiar with the open-source osquery project, learn more here. It's glorious. Here's a tl;dr on the queries in the blog post:. Source: over 4 years ago
For compliance monitoring, some people use tools like osquery and auditd. Source: almost 5 years ago
Could be running something like https://osquery.io/. - Source: Hacker News / almost 5 years ago
I've always been interested in the approach taken by osquery but I wonder if it's more than a cool project and if it's usable in practice? Would love feedback :). Source: almost 5 years ago
Deployment phase - Osquery, Falco and Tripwire. - Source: dev.to / almost 5 years ago
Many options exist. OSQuery is one, and it's free, and it can be used to grab a bunch of other system information which might be useful at a later date. https://osquery.io/. Source: about 5 years ago
OS Query : Easily ask questions about your Linux, Windows, and macOS infrastructure. - Source: dev.to / over 5 years ago
Do you know an article comparing osquery to other products?
Suggest a link to a post with product alternatives.
Is osquery good? This is an informative page that will help you find out. Moreover, you can review and discuss osquery here. The primary details have not been verified within the last quarter, and they might be outdated. If you think we are missing something, please use the means on this page to comment or suggest changes. All reviews and comments are highly encouranged and appreciated as they help everyone in the community to make an informed choice. Please always be kind and objective when evaluating a product and sharing your opinion.