Osquery

Osquery is an open source tool that lets you use SQL to query an operating system as if it were a database. When you add the Osquery Manager integration to an Elastic Agent policy, Osquery is deployed to every agent assigned to that policy. After completing this setup, you can run live queries and schedule recurring queries against those agents and begin gathering data from your entire environment.

Osquery is supported for Linux, macOS, and Windows. You can use it with Elastic Security to perform real-time incident response, threat hunting, and monitoring to detect vulnerabilities or compliance issues. The following Osquery features are available from Elastic Security: