Using Facebook’s osquery for Monitoring and Response

Real-time visibility is key to completely understanding the current state of your IT infrastructure. In October 2014, Facebook made low-level operating system monitoring easier by releasing its endpoint and server security monitoring tool, osquery, as an open-source project. The project was developed to be operating-system agnostic: it can operate on Windows, Linux, and Apple OS X. By exposing collected data via Structured Query Language (SQL), a request for information on Windows works the same as it does on