Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

Hey guys, I released a blog based on the presentation I gave at infosecjupyterthon recording: <https://youtu.be/QCVd4Svtaa8|https://youtu.be/QCVd4Svtaa8>
“Untangling the Osquery:question: tables web:spider_web: using Jupyter Notebooks:notebook:” by Sevickson <https://link.medium.com/exGJNfIKl6|https://link.medium.com/exGJNfIKl6>
Let me know if you have any comments or ideas. :wink:

Very cool, I played around with the graph to inspect the highly connected columns and your note:

&gt;  It is quite difficult to create connections based only on column name, as some columns have the same name but different kind of data.


Is true but for the most part you can join on those highly connected names.

Hey <@U09M563C7>, thanks for your feedback. You are right, maybe I was not clear with that textline. 
What I was trying was just by looking at the column names or at least the graph and know I can join the tables. Joining on the highly connected columns is still possible indeed. 
I am working on a next iteration of the graph and thinking of using osquery-python, would you have some time for a few questions?