Digital Garden

Recent Notes

Thermocline
Apr 21, 2026
Sea surface temperature
Apr 21, 2026
Micro Scale Process
Apr 21, 2026
Machine-actionable Knowledge for Earth Science
Apr 21, 2026

❯

❯

Osquery

Apr 21, 20261 min read

linux
administration
security
telemetry
notes

Osquery

osquery lets operators query endpoint state with SQL-style syntax.

Why it matters

Standardizes endpoint inspection across heterogeneous Linux fleets.
Supports scheduled queries for baseline and drift detection.
Useful for threat hunting and compliance checks.

Operational notes

Define baseline query packs per server role.
Tune intervals and result forwarding to control overhead.
Integrate with central log/SIEM pipelines.

Related

Wazuh
Lynis
Linux Administration in Datacenters

Graph View

Osquery
Why it matters
Operational notes
Related

Backlinks

Linux Administration in Datacenters
Linux Host Hardening Stack Patterns
Lynis
MOC Linux Administration and Security
Wazuh

Created with Quartz v4.5.2 © 2026

Website
GitHub
ORCID
LinkedIn