Hey all, looking for someone who has monitored osquery administrators logs and where you found them and what interesting things you all looked for.

We have our osquery configs configured via terraform and monitor the repo and also general peer review through normal git processes.

Has the tool itself built in logs for changes? I see what you mean by monitoring got changes, that’s a solid idea I had not thought of. I just would love more visibility into the actions taken on the platform and monitoring people issuing ad-hoc commands.