What is OSQuery?

OSQuery is an open source service that allows its users to look at device details using basic SQL commands. This open-source service was created by Meta, formerly known as Facebook. To learn more about what this service does, visit their website.

Using OSQuery, users are able to find a lot of details about the machine it is installed on such as who currently has a session on the box, what services are currently running that do not have binaries associated with them, which mounted disks are encrypted, and tons more using SQL queries!

OSQuery is compatible with Windows, macOS, CentOS, FreeBSD, and almost every Linux OS. This service has no dependencies either making it extremely convenient and easy to install! Below are install guides for different Operating Systems.