Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

:wave: hey folks, I saw this video <https://asciinema.org/a/302647> on `process_dns_events` table in osquery and I think I remember it being mentioned before in an office hours call, is this something that is/will be added to osquery?

Hey Zachary! I ended up not implementing it since it requires a uprobe to trace glibc

So the major problem there is that if you run a binary that does not use the glibc installed on the system, or has a statically linked glibc

You won't be able to capture it because it will not trigger the uprobe

A dns resolution could also happen with a direct query via socket