hi all .. embarrassed to start with maybe the most noob question ever, but how do you trust that the osquery instance running on some machine is the real thing, and not an impostor sending back bogus or tampered telemetry?

I’m not sure there’s a simple answer. Generally speaking, this is a hard problem for all EDR software.

We do have a Security Model and extended discussion in here if it is of interest https://github.com/osquery/osquery/blob/master/ASSURANCE.md

@Mike Myers thanks a lot, that's excellent 🙏