osquery
There are 113 repositories under the osquery topic.
xxh/xxh
🚀 Bring your favorite shell wherever you go through ssh. Xonsh shell, fish, zsh, osquery and so on.
clong/DetectionLab
Automate the creation of a lab environment complete with security tooling and logging best practices
fleetdm/fleet
Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
kolide/fleet
A flexible control server for osquery fleets
palantir/osquery-configuration
A repository for using osquery for incident detection and response
zentralopensource/zentral
Zentral is a high-visibility platform for controlling Apple endpoints in enterprises. It brings great observability to IT and makes tracking & reporting compliance much less manual.
cyberdefenders/DetectionLabELK
DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
chainguard-dev/osquery-defense-kit
Production-ready detection & response queries for osquery
kolide/launcher
Osquery launcher, autoupdater, and packager
jmpsec/osctrl
Fast and efficient osquery management
osquery/osquery-go
Go bindings for osquery
hubblestack/hubble
Hubble is a modular, open-source security compliance framework. The project provides on-demand profile-based auditing, real-time security event notifications, alerting, and reporting.
trailofbits/osquery-extensions
osquery extensions by Trail of Bits
aquasecurity/kube-query
[EXPERIMENTAL] Extend osquery to report on Kubernetes
Kirtar22/ThreatHunting_with_Osquery
Threat Hunting & Incident Investigation with Osquery
bgenev/impulse-xdr
Fully automated host & network intrusion detection platform. Detects malware from behavioural patterns rather than signatures and enables deeper visibility than legacy tools.
CityBaseInc/SIAC
SIAC is an enterprise SIEM built on open-source technology.
emirozer/exposq
Go app that dispatches osquery to multi-machines
zercurity/zercurity
Manage, monitor and improve your cyber security posture.
AbGuthrie/goquery
Provide a shell-like interface by utilizing osquery's distributed API
ReconInfoSec/rhq
Recon Hunt Queries
huoji120/DuckSysEye
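SysEye is a threat response tool for Windows built on ATT&CK and modern EDR design. It effectively detects common unknown and known threats. A sharp sword for defenders.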
kolide/kolide-quickstart
[DEPRECATED] A quickstart demo for Kolide tools
arubdesu/EAs
Scripts to return inventory information for use in JamfPro, heavily leveraging osquery
hrbrmstr/osqueryr
'osquery' 'DBI' and 'dbplyr' Interface for R
knightsc/system_policy
osquery table extension that allows querying of information from the macOS private SystemPolicy.framework
kolide/osquery-starter-kit
A starter-kit for a source-controlled, CLI-based osquery management workflow.
sidorares/osquery-node
node.js client for osquery
Loginsoft-LLC/Linux-Exploit-Detection
Linux based vulnerabilities (CVE) exploit detection through runtime security using Falco/Osquery/Yara/Sigma
GSA/laptop-management
ALPHA/WIP for OSquery configuration for Mac and Linux Operating Systems
hubblestack/hubblestack_data
Data files for use with hubble
sevickson/osquery_tables_graph
Repository containing Jupyter Notebooks for working with OSQuery tables and data
maxi-w/os-chat
Chat interface for your computer
jacknagz/osquery-cookbook
A Chef Cookbook to install and configure osquery.
secureworks/atomic-harness
A tool to run and validate telemetry for Atomic Red Team tests