Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

Hello Everyone I m joshua I need One help regarding the osquery I know Using `osquery` I m able to monitor the `docker`  is there any way to send the alert from os query to slack for example If I m running the previlaged container the `osquery`  should send the slack notification

Hey <@URH3S2N90>, to my knowledge Osquery does not have this ability. However, you can write the osquery logs to disk and have a python script read the logs for `privileged: true`.

Another alternative is shipping the Osquery logs to a SIEM like Splunk and have splunk alert on `privileged: true`