Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

Has anyone tried parsing Windows sdb files with osquery? For example, `windir%\security\database\secedit.sdb` , which stores local policy configuration (password complexity requirements, etc)

Unfortunately its contents are binary encoded, so its not as simple as using augeas  (unless I am missing something)

Is this data what `secedit /export` dumps? (launcher has a wrapper over that)

Can you remind me - are those tables licensed FOSS?

nvm, found it - <https://github.com/kolide/launcher/tree/master/pkg/osquery/tables/secedit>