osquery is an open-source project, created by a community-driven publisher, that turns operating systems into relational databases, enabling security teams, system administrators, and DevOps engineers to query fleet-wide endpoint state with familiar SQL syntax instead of arcane command-line tools. The publisher's single yet powerful product exposes live system data (running processes, listening ports, loaded kernel modules, browser plugins, hardware events, file hashes, and more) as virtual tables that can be joined, filtered, and aggregated in real time. This approach accelerates incident response, threat hunting, compliance auditing, and IT hygiene checks across Windows, macOS, and Linux environments without deploying intrusive agents or parsing disparate log formats. Typical use cases include detecting unauthorized persistence mechanisms, verifying patch levels, spotting anomalous network connections, and building custom dashboards that feed SIEM and SOAR pipelines. Because queries are plain SQL, analysts can share concise, version-controlled playbooks that run identically on laptops, servers, or containers, while engineers embed the same logic into CI/CD workflows to harden golden images before deployment. The publisher's software is available for free on get.nero.com, with downloads delivered through trusted Windows package sources such as winget, which always install the latest upstream release and support batch installation alongside other administrative utilities.

osquery

SQL powered operating system instrumentation, monitoring, and analytics.