Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

<@U01G9JBKA5C> RE: <https://twitter.com/tlark8/status/1770298747530121678>

 Can you give any more context? Sounds interesting, but I don't really grok what you actually did lol.

hi and sure thing

I work for a data platform company, and we have osquery on every endpoint managed by FleetDM. We have scheduled queries coming in every hour to once a day, and we stream the results via firehose kinesis into Snowflake. I have written previous blog posts about this that explain it a bit better

<https://t-lark.github.io/posts/more-osquery-data-modeling-snowflake/>

for that tweet, I am ingesting `select * from processes` and then I modeled that data in :snowflake:

and we collect it every hour because we want to build compute profiles and in general ensure we are spec'ing proper hardware to humans and the data model for all macOS and Win devices is 5.9 billion rows of data :sweat_smile:

That context helps, thanks :slightly_smiling_face:

cool I am glad it actually makes sense to other people