Extend osquery Beyond OS & Container Runtime
Gain a single source of visibility across host operating systems, container runtimes and cloud services by adding cloud provider telemetry. Cloudquery runs as an extension to osquery and normalizes the data it collects, so that new insights across your on-premises and cloud environments are just a SQL JOIN away. Like osquery, cloudquery data can be delivered to destinations including files, sockets, Kinesis, and Kafka.
cloudquery Empowers Security Teams To:
- Query cloud provider data in the same way you query operating systems and containers
- Monitor configuration policies of your cloud resources and data
- Visualize on-prem and cloud environments in a single place
- Manage assets across AWS, Azure and GCP cloud providers in a single place
- Observe trends through historical data analysis
- Identify configuration drift
- Detect misconfigurations, such as public S3 buckets, MFA enablement, and more
- Conform to CIS Benchmark compliance standards
- Perform real-time investigations and root cause analysis
How cloudquery Works
Cloudquery can be deployed as an osquery extension or Docker container, on-prem or in the cloud, and can be configured to fetch data from one or more cloud providers. Read more about cloudquery in this blog post written by its developers.
- cloudquery fetches data for various resources using APIs supported by the cloud providers.
- With AWS, you can authenticate using an instance profile, access keys, role ARN and external ID, with options based on your security preferences.
- If you connect multiple cloud provider accounts, information for each resource will be easily identifiable.
- Your cloudquery data is delivered to the destination specified by your osquery configuration and is available immediately.
Learn More & Contribute to cloudquery
Uptycs engineering resources are dedicated to advancing cloudquery’s open source capabilities along with meaningful contributions from the developer community. Near-term improvements will focus on new inventory tables for all cloud providers, new tables for events like AWS CloudTrail and VPC Flow Logs, as well as support for a where clause to help with filtering results.
- cloudquery GitHub Repository
- cloudquery Tables for AWS
- cloudquery Tables for GCP
- cloudquery Tables for Azure
Get cloudquery Now
Install cloudquery now to augment your existing osquery deployment with cloud provider metadata.