Thanks @Guillaume - lots of work! The osquery integration grew out of a presentation I did at Security Onion Con 2018, where I demoed a proof of concept osquery + Security Onion integration - it was very clear afterward that the community wanted to see more of osquery.