
Fleet Device Management
Open source endpoint visibility

What can we expect to see?

New features

Add filesystem logrotate feature


Human readable timestamps

Unix timestamps can be confusing for even the smartest Time Lord.


Improved performance of the additional queries feature


Connect network monitoring with endpoint monitoring.

Community ID


Using Elasticsearch and Kibana to visualize osquery performance


Which queries apply to a host


Rich process trees on macOS, Linux, and Windows

WITH target_procs AS (
  SELECT * FROM processes WHERE name = 'osqueryd'
)
SELECT *
FROM (
  WITH recursive parent_proc AS (
    SELECT * FROM target_procs
    UNION ALL
    SELECT p.* FROM processes p JOIN parent_proc pp ON p.pid = pp.parent
    WHERE pp.pid != pp.parent …

A simple query for IP-Geolocation

SELECT JSON_EXTRACT(result, '$.ip') AS ip,
       JSON_EXTRACT(result, '$.city') AS city,
       JSON_EXTRACT(result…


Proper use of JOIN to return osquery data for users

$ osqueryi
Using a virtual database. Need help, type '.help'
osquery> SELECT uid, name FROM chrome_extensions LIMIT 3;
+-----+--------------------------------------------+
| uid | name |
+-----+--------------------------------------------+
| 501 | Slides…

Bug fixes
