OSQuery is an open-source endpoint instrumentation framework that lets you query operating system state with SQL. It exposes system information such as processes, users, network connections, hardware details, and file hashes as structured tables. Security teams use OSQuery for threat hunting, compliance monitoring, and forensic analysis. It supports Linux, macOS, and Windows, providing a unified query interface across platforms. OSQuery can be integrated with logging and SIEM solutions to give real-time visibility into endpoint activity, helping detect anomalies and security incidents.
Details
Deployment mode
Cloud, SaaS, web-based
Desktop Linux
Desktop Mac
Desktop Windows
On-premise Linux
Pricing model
Free
Open source
Training and support
Free trial available
Yes
Training available
No