osquery is an operating system instrumentation framework for collecting information from operating systems, hypervisors and applications. It is commonly used to gather data for security forensics, application performance management and compliance auditing. osquery supports multiple platforms including Windows, Linux and macOS.
The osquery toolset provides a SQL-based interface for querying operating system data. This allows complex queries to be built within a familiar environment that is both robust and secure. A query may contain individual or aggregated components that are composed together with AND / OR operators to form a complete query. This provides the flexibility that is unique to SQL-based interfaces and allows users to define a flexible query workflow.
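As an added example (not part of the course material), the following query shows how individual conditions are composed with AND / OR into one complete osquery query. It assumes the standard osquery tables `processes`, `listening_ports` and `users`, and is meant to be run interactively in the osquery shell to inventory services bound on all network interfaces.

```sql
-- Added example, not from the course page: list listening services bound on
-- every interface, together with the owning process and user account.
-- Assumes the standard osquery tables processes, listening_ports and users.
SELECT
    p.pid,
    p.name,
    p.path,
    u.username,
    lp.port,
    lp.protocol,          -- 6 = TCP, 17 = UDP (IANA protocol numbers)
    lp.address
FROM listening_ports AS lp
JOIN processes AS p ON p.pid = lp.pid
LEFT JOIN users  AS u ON u.uid = p.uid
WHERE lp.port <> 0                                    -- skip unbound sockets
  AND (lp.address = '0.0.0.0' OR lp.address = '::')   -- wildcard bind only
  AND (lp.protocol = 6 OR lp.protocol = 17)           -- TCP or UDP
  AND p.path NOT LIKE '/usr/sbin/%'                   -- drop packaged daemons
ORDER BY lp.port;
```

Each parenthesised group is one aggregated component; removing or adding a line in the WHERE clause narrows or widens the result without touching the rest of the query.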
It is a project that aims to make operating systems more transparent. It does this by collecting information from the operating system and making it available to clients (the osquery client, shipped as part of osqueryd), which can then be queried using a SQL-like query language.
Plenty of command-line tools such as ps, lsof, netstat or ss are available on every Linux distribution and allow you to query the operating system. However, these tools often require particular privileges to run (typically root) and have a narrow scope. No privilege escalation is involved in using the osquery command-line tool.
In this course you will learn how to use osquery to find information about your computers and servers. It is a beginners' course and no prior knowledge is required, not even of SQL. If you are a sysadmin, developer or security researcher, then this course is for you.