Hello, I am new to osquery and was wondering how osquery gathers information from the operating system. Sorry if this is a silly question.
09/22/2020, 5:52 PM
Hi Chaz, this is not a silly question, and it's a big reason why people choose osquery.
Osquery obtains OS information by interpreting the user's SQL query and converting it into native API calls to gather that data.
It then pulls all that info together and sends the results back as if they were coming from a DB... but in reality they are coming live, directly from the OS itself.
Osquery is written primarily in C++ / Objective-C so it can call macOS, Windows and Linux APIs as natively as possible, which results in the lowest impact on performance.
09/22/2020, 5:54 PM
Thank you! That answers it for me; I appreciate it very much!