What do you guys use to generate alerts from the logs from osquery? Currently looking into how we should do it, atm streamalert seems interesting. Anyone here using it, if so, how do you like it?

maybe unrelated but we made snowalert (https://github.com/snowflakedb/SnowAlert) which does alerting on top of osquery + a bunch of more stuff, and is pretty similar but runs on top of snowflake db (disclaimer - i work at snowflake)

ElastAlert. Osquery logs go to Elasticsearch via Kinesis and Logstash and then we’ve written our own rules.