osquery

SQL powered operating system instrumentation, monitoring, and analytics.


Overview

osquery is an open-source SQL-powered operating system instrumentation, monitoring, and analytics framework. Developed by Facebook, it allows you to query low-level operating system information like running processes, loaded kernel modules, open network connections, and hardware events using a SQL-like syntax. This enables powerful and flexible endpoint visibility for security, compliance, and operations.

✨ Key Features

  • Endpoint Visibility via SQL
  • Cross-Platform (Linux, macOS, Windows, FreeBSD)
  • Low-level System Information Access
  • Intrusion Detection
  • File Integrity Monitoring
  • Extensible with Custom Tables

🎯 Key Differentiators

  • SQL interface makes complex queries simple and intuitive
  • Consistent, cross-platform API for system information
  • High performance and low resource overhead

Unique Value: Provides a universal, SQL-based language to ask any question about any endpoint, enabling powerful security and operational insights.

🎯 Use Cases (4)

  • Threat hunting and incident response
  • Auditing system configurations for compliance
  • Monitoring for suspicious activity on endpoints
  • Gathering detailed asset inventory information

✅ Best For

  • Endpoint detection and response (EDR) data collection
  • Security compliance monitoring
  • Operational troubleshooting

💡 Check With Vendor

Verify these considerations match your specific requirements:

  • Configuration enforcement or patch management (it's a visibility tool, not a management tool)

🏆 Alternatives

  • Sysmon
  • Auditd
  • Velociraptor

Instead of learning dozens of different command-line tools and log formats for each OS, osquery provides a single, consistent way to get system information across all platforms.

💻 Platforms

  • Linux
  • macOS
  • Windows
  • FreeBSD

✅ Offline Mode Available

🔌 Integrations

  • FleetDM
  • Uptycs
  • Kolide
  • Splunk
  • Elasticsearch

💰 Pricing

Contact for pricing
Free Tier Available

Free tier: osquery is free and open source.
