Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

Hey there, I was wondering - did anyone ever considered GDPR regulations on osquery data? I understand it is possible to hash fields/columns in a query, which is very helpful, yet some columns may consist pii in very specific cases (e.g. windows_events might contain the username?), does anyone have any idea how to approach this issue?

a better example - in many user endpoints paths of files may contain the username (which is often the user real name - thus pii)

I don't think changes need to be made on the osquery side, you probably need to look at what data you are attempting to collect with osquery and how it is being stored and accessed

oh, of course no changes on osquery side are required - I wanted to know if and how others in the community are dealing with the issue