Osquery, initially developed by Facebook, is an open-source tool that exposes an operating system as if it were a relational database. It uses SQL-like queries to gather operating-system information (processes, users, open ports, installed packages and so on) for performance, security, and compliance-audit analysis.
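As an added illustration (not taken from the page or from the osquery project), the block below shows what the "SQL against the operating system" idea looks like in practice. It assumes `osqueryi` is installed on a Linux host and uses the standard osquery tables `os_version`, `users`, `listening_ports` and `processes`; the three queries cover inventory, a compliance check, and a security-audit view.

```sql
-- Constructed example: three osquery queries run with `osqueryi` on Linux.
-- Each query reads virtual tables that osquery populates from the live OS.

-- 1. Inventory: which OS and version is this host running?
SELECT name, version, platform
FROM os_version;

-- 2. Compliance check: is any account other than root a uid-0 account?
--    On a compliant host this returns zero rows.
SELECT username, uid, shell
FROM users
WHERE uid = 0
  AND username != 'root';

-- 3. Security audit: which processes are listening on network ports,
--    and which executable backs each listener?
--    listening_ports.protocol is numeric (6 = TCP, 17 = UDP).
SELECT DISTINCT p.pid, p.name, p.path, lp.address, lp.port, lp.protocol
FROM listening_ports AS lp
JOIN processes AS p ON lp.pid = p.pid
WHERE lp.port != 0
ORDER BY lp.port;
```

Each statement can be typed into the interactive `osqueryi` shell or passed as a single argument (`osqueryi --json "SELECT ..."`) for machine-readable output. Placing the same queries in an osqueryd schedule turns the one-off checks into continuous monitoring, since the daemon logs how results change between runs.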
Links:
- https://www.uptycs.com/blog/3-useful-ways-osquery-can-help-with-security-compliance
- https://www.uptycs.com/blog/osquery-what-it-is-how-it-works-and-how-to-use-it
- https://www.sans.org/webcasts/leveraging-osquery-for-compliance/
- https://www.sans.org/webcasts/an-easier-way-to-multi-cloud-multi-account-cloud-compliance/
- https://www.sans.org/blog/why-automation-compliance-cloud-part-1/
- https://zercurity.medium.com/building-atop-osquery-compliance-monitoring-threat-hunting-and-auditing-dec2d3da4911
- https://zercurity.medium.com/what-is-osquery-ea90270d10de
- https://kifarunix.com/install-osquery-on-ubuntu/