Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

Hi everyone! New to :osquery:

What is everyone using to remotely query a fleet of laptops and return the results? I've gotten pretty comfortable with doing it on my local machine with `osqueryi` shell. This is the two I'm looking at? <https://fleetdm.com/> and Kolide.

Some of the products I know of:
1. fleetdm (see <#C01DXJL16D8|>)
2. kolide (see <#C1XCLA5DZ|>)
3. osctrl: <https://osctrl.net/> (unsure if they have a channel here)
4. Something I saw recently: <https://www.elastic.co/about/press/elastic-announces-osquery-management-integration-for-unified-data-analysis-to-address-cyber-threats>

<@U0JFM04MS> has made a super cool tool to setup a test environment for fleetdm: <https://github.com/fleetdm/osquery-in-a-box>

Each osquery fleet manager is specialized to specific usecases as well, and many have differences regarding whether they are SaaS-based or on-prem

For osctrl there's an <#CHCLHJH7X|> channel here. Another OSS option to look at if you're doing mostly macOS is <https://zentral.io/|Zentral>.