Ugh, apologies in advance if this questions has already been asked - is there any guidance for running multiple copies of osquery on a single box? Our IT folks want to deploy a couple of osquery-based products and I'm a bit worried its going to conflict with our existing deployment.

osquery assumes some default paths, for example

/var/osquery

on macOS. If you are running two instances of osquery you will need to override these with configuration options. It's absolutely possible. However, I think the general guidance is only to have 1 osquery running.

If you’re running something a vendor, I’d expect them to have isolated osquery to their namespace. For example, Kolide sets osquery’s database to

/var/kolide-k2/k2device.kolide.com/