#general

fritz

01/25/2021, 1:42 PM
@kumar I would suggest starting with the readthedocs page: https://osquery.readthedocs.io/en/latest/ You can install osquery on a test device, then launch osqueryi (the interactive shell) and begin to explore using osquery SQL to return endpoint data locally: https://osquery.readthedocs.io/en/latest/introduction/sql/ Data on a device is accessed by the osquery agent, which makes real-time calls to native OS APIs and translates the output into SQLite virtual tables. These virtual tables can be joined against one another and manipulated like a traditional relational database. A full schema of the virtual tables available in the most current osquery version can be located here: https://osquery.io/schema An example of the output of osquery is demonstrated below:
osquery> SELECT * FROM os_version;
+----------+---------+-------+-------+-------+--------+----------+---------------+----------+--------+
| name     | version | major | minor | patch | build  | platform | platform_like | codename | arch   |
+----------+---------+-------+-------+-------+--------+----------+---------------+----------+--------+
| Mac OS X | 10.15.7 | 10    | 15    | 7     | 19H114 | darwin   | darwin        |          | x86_64 |
+----------+---------+-------+-------+-------+--------+----------+---------------+----------+--------+
Once you begin to understand what data osquery can return and how it can be interacted with, you can begin to look at various fleet management solutions, of which there are a number of open-source and paid options. However, I would strongly recommend getting your feet wet with the steps above so that you can better reason about your specific needs and the goals you are trying to achieve using osquery.
kumar

01/26/2021, 2:04 AM
Thanks @fritz
fritz

01/26/2021, 2:07 AM
Happy to help! 🙂