---
obj: application
website: https://www.osquery.io
repo: https://github.com/osquery/osquery
---

# osquery

[osquery](https://osquery.io/) is an open-source endpoint instrumentation framework. It exposes an operating system as a high-performance relational database, allowing you to write SQL queries to explore system state and activity in real time. See the [schema](https://osquery.io/schema/5.17.0/) for the available tables.

## Usage
Usage: `osqueryi [SQL]`

Example Statement: `SELECT name, path, pid FROM processes WHERE on_disk = 0;`