Ryan is Director of Engineering at Uptycs, where he enjoys bouncing around between kernel code, data pipelines, and even compilers to provide comprehensive security for container workloads, from build-time through large-scale production deployment. Prior to Uptycs, Ryan built teams solving exabyte-scale data challenges and scaling globally-distributed compute clusters at Facebook.
Osquery is a powerful tool that allows you to investigate and monitor a myriad of endpoint activity, status, and configuration information through a unified SQL interface. Inside osquery, there's typically a 1:1 correspondence between a source of information and the SQL table you can use to browse or search this information. Some sources of information include parts of the /proc file system, API calls to container daemons, reading logs or status files on disk, and event streams coming from the Linux audit framework.
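To make the table-per-source model concrete, here is an added example (not from the original post) of queries you could run in `osqueryi` on a Linux host. It assumes the stock osquery tables `processes`, `listening_ports`, `docker_containers` and `process_events`, a reachable Docker daemon, and, for the last query, audit-based process events enabled in the osquery configuration.

```sql
-- Source: the container daemon API (docker_containers) joined with /proc (processes).
-- Lists privileged containers together with the host-side view of their init process.
SELECT c.name  AS container,
       c.image,
       p.pid,
       p.path  AS init_binary,
       p.cmdline
FROM docker_containers AS c
JOIN processes AS p ON p.pid = c.pid
WHERE c.privileged = 1;

-- Source: /proc only (processes and listening_ports).
-- Finds listening sockets owned by a process whose executable is no longer on disk,
-- a common triage query when a binary has been deleted after launch.
SELECT p.pid,
       p.name,
       p.path,
       l.address,
       l.port
FROM listening_ports AS l
JOIN processes AS p USING (pid)
WHERE l.port != 0
  AND p.on_disk = 0;

-- Source: the Linux audit event stream (process_events).
-- Unlike the snapshot tables above, this table is a buffered log of past executions,
-- so it also shows short-lived processes that have already exited.
SELECT time,
       pid,
       parent,
       path,
       cmdline
FROM process_events
WHERE path LIKE '/tmp/%'
ORDER BY time DESC
LIMIT 20;
```

The first query is the one that shows the benefit of the unified interface: two unrelated sources are correlated with an ordinary SQL join on `pid`.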