
    Query Your Endpoints Like A Database

    osquery Provides Extensible Endpoint Visibility

    osquery is a universal, lightweight, highly configurable endpoint agent that collects and normalizes data across macOS, Linux, Windows and container environments. It is managed by The Linux Foundation and is widely adopted by IT security teams looking for an open platform for endpoint visibility. osquery increases visibility across your infrastructure and gives you the power to ask questions using SQL across any machine, such as “Which machines are running vulnerable software packages?” and “Where else are we seeing this malicious process?”

    How Is osquery Used?

    osquery empowers a variety of security roles with broad visibility and comprehensive analytics. Whether you’re concerned with enforcing configuration policies, SOC 2 compliance or hunting threats, osquery can help security teams secure their attack surface and drive better outcomes.

    • Security Configuration Management: audit all machines in your fleet and more
    • Document Compliance: collect a subset of data for compliance checks (osquery Compliance Query Packs)
    • Detection & Threat Hunting: stop lateral movement and detect behavioral anomalies
    • DevOps: find vulnerabilities early in the development process
    • IT Administration: audit active users & unknown logins

    How osquery Works

    osquery is a small endpoint agent that makes your entire system configuration and runtime state available for query through an SQL interface, including a real-time stream of events. With osquery, you can:
    • run SQL queries to retrieve information from system calls, system APIs, configuration files, and your filesystem directly across your entire fleet of laptops, servers, or containers.
    • schedule these queries to run periodically and be delivered to your storage destination of choice for alerting and after-the-fact investigation.
    • subscribe to event sources to immediately detect new processes, network activity, and file changes. These events can be streamed to your specified destination for detection and investigation purposes.
    • run ad-hoc queries through your fleet manager to investigate your system in real time.
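    As an added example (not code from this page, from Uptycs or from the osquery project), an osquery configuration for a Linux host that exercises the mechanisms just listed: a scheduled differential query, a scheduled snapshot query, and event subscriptions for process starts and for file changes under /etc. The pack name, query names, intervals and the package list are assumptions; the table and column names are osquery's own.

```json
{
  "options": {
    "disable_events": false,
    "enable_file_events": true,
    "audit_allow_process_events": true,
    "schedule_default_interval": 3600,
    "logger_plugin": "filesystem"
  },
  "file_paths": {
    "etc": ["/etc/%%"]
  },
  "packs": {
    "fleet_visibility": {
      "platform": "linux",
      "queries": {
        "listening_services": {
          "query": "SELECT p.pid, p.name, p.path, lp.port, lp.protocol, lp.address FROM listening_ports lp JOIN processes p USING (pid) WHERE lp.port != 0;",
          "interval": 600,
          "description": "Differential query (assumed interval): only newly opened or closed listening sockets are logged, which is what 'where else is this process listening' needs."
        },
        "package_inventory": {
          "query": "SELECT name, version, source FROM deb_packages WHERE name IN ('openssl', 'openssh-server', 'sudo');",
          "interval": 3600,
          "snapshot": true,
          "description": "Snapshot query (assumed package list): the full result is logged every run so a backend can match versions against a vulnerability feed."
        },
        "new_processes": {
          "query": "SELECT pid, parent, uid, path, cmdline, time FROM process_events WHERE time > (strftime('%s', 'now') - 600);",
          "interval": 600,
          "removed": false,
          "description": "Event subscription: rows arrive from the audit subsystem as processes start, rather than from polling the processes table."
        },
        "etc_file_changes": {
          "query": "SELECT target_path, action, sha256, time FROM file_events WHERE category = 'etc';",
          "interval": 300,
          "removed": false,
          "description": "Event subscription: file change events for the 'etc' category declared in file_paths."
        },
        "recent_logins": {
          "query": "SELECT username, tty, host, type, time FROM last WHERE time > (strftime('%s', 'now') - 3600);",
          "interval": 3600,
          "description": "Logins in the last hour for the IT administration use case; compare hosts and usernames against expected values downstream."
        }
      }
    }
  }
}
```

Saved as /etc/osquery/osquery.conf it is picked up by osqueryd; each query can first be tried interactively in osqueryi before it is scheduled.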
    • osquery Schema: browse the 200+ osquery tables on the site.
    • osquery Documentation: read the official documentation for install, configuration & deployment and debugging tips.
    • Open Source Resources: explore curated materials created by osquery practitioners.

    How does Uptycs support and use osquery?

    Uptycs developers and engineers contribute features and bug fixes to the open source osquery project. Fun fact: way back in 2017, we contributed the original Docker tables extending osquery to containers. More recently, we’ve open-sourced two osquery extensions:

    • Cloudquery: extends osquery for AWS, GCP & Azure account services data 
    • Kubequery: extends osquery for K8s cluster data

    We have plans to release additional extensions in the future to broaden osquery’s visibility across the modern attack surface to include Identity Provider and SaaS Provider telemetry. To support the ongoing education and evangelism of osquery, we also host the annual osquery@scale conference, bringing osquery practitioners together with their osquery-curious peers for meaningful knowledge exchange focused on production use cases.   

    When it comes to Uptycs Unified CNAPP and XDR, osquery provides the foundational telemetry for endpoints and containers that, when augmented by Cloudquery and Kubequery, forms the basis of our telemetry-powered security offering for Cloud Workload Protection, Cloud Security Posture Management, eXtended Detection & Response, Insight & Inventory, and Audit, Compliance & Governance. For Uptycs Unified CNAPP and XDR, we’ve enhanced the osquery agent, optimizing it for scale, reliability and performance.

    Install osquery Now

    Visit for the latest install package and installation guidance.