Did you know #osquery can dump process trees on macOS, Linux, and Windows? With a little SQL magic we can do that and more! dactiv.llc/blog/process-t…

Real-time file monitoring on Windows with osquery blog.trailofbits.com/2020/03/16/rea…

Great work from the ToB folks! I blogged an example configuration and results from the ntfs_events table at dactiv.llc/blog/new-in-os…

I'm very excited to release Fleet 3.0.0! We've managed to scale Fleet to over 150k hosts with the new changes, and also introduced some nice new features like Manual Labels. Check it out! #osquery github.com/kolide/fleet/r…

That is a lot of SQL! Congrats to the winners and to everyone who helped organize!

Here is a great end to end setup for using osquery to carve/acquire files remotely. Thanks for the in-depth description and walkthrough Ben!

This makes bpf events very accessible: select * from bpf_process_events. You’ll have to build from tip right now, but expect these features in the next stable release (eta 1 month). Next up, EndpointSecurity process events!

The osquery ecosystem keeps growing!

Keep them coming!

Very cool to see the initial talks and speakers added to the agenda, should be a fun and insightful event!

cloudquery looks great! A wonderful complimentary tool to osquery, query your endpoints and your cloud! What’s next? github.com/cloudquery/clo…

Announcing, osquery 5.0! 🎉 This is a tremendously exciting release. New code signatures, new paths, new packaging, new functionality! Check it out at github.com/osquery/osquer…

Osquery is not vulnerable to the Log4J CVE-2021-44228, as there are no Java components. The osquery.io website is statically hosted on GitHub pages.

🎉 Announcing osquery 5.2.2 with native macOS M1 support! 🎉 Downloads available in our package repos and at osquery.io/downloads/offi…. Huge effort from Trail of Bits, Stefano Bonicatti, Alessandro Gario, Sharvil Shah and more.

Anyone know of a tool like Snyk that supports C++ and can generate *public* reports of dependency vulnerabilities and fixes? Snyk seems to have a nice workflow but doesn't support the public reporting use case. Looking to address this issue for osquery.

🎉 Announcing Osquery 5.3.0! 🎉 Table improvements and bugfixes. Downloads available from osquery.io/downloads/offi…

Team @docker, what's the plan for OSS organizations that use the free team tier with your new pricing announcement (sunsetting the free teams tier)? Are projects like osquery no longer welcome on the platform?

Here's a little one-liner I like to use with osquery to figure out what process is listening on a network port when I can't bind my dev server: osqueryi 'select * from processes join listening_ports using (pid) where port = 8080'

Great to see osquery detections provided in a malware analysis report like this!