Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

```# cat /etc/osquery/osquery.conf
{
    "schedule" : {
        "net.connexions" : {
            "query" : "SELECT action, cmdline, socket_events.status, remote_address, remote_port, local_port, datetime(socket_events.time,'unixepoch') as time, socket_events.time as epoch FROM socket_events JOIN process_events ON socket_events.pid = process_events.pid WHERE remote_address NOT IN ('127.0.0.1');",
            "interval" : 10
        }
    }
}
#```