osquery
Expose OS state as SQL tables—processes, sockets, users, browser extensions—for fleet visibility and compliance.
Why it is included
Ubiquitous agent model for endpoint inventory and detection engineering at scale.
Best for
Security and IT teams needing structured queries across laptops and servers.
Strengths
- SQL ergonomics
- Packs
- osqueryi for IR
Limitations
- Requires a fleet pipeline (Kolide/Fleet, Uptycs, etc.) for scale
Good alternatives
Wazuh agents · Elastic Agent
Related tools
Security & Privacy
Wazuh
Open security platform combining SIEM, XDR, file integrity monitoring, and compliance checks across endpoints and cloud.
Security & Privacy
Velociraptor
Endpoint visibility and DFIR: Velociraptor Query Language (VQL), hunts, notebooks, and artifact packs across fleets.
Security & Privacy
Steampipe
SQL layer over cloud and SaaS APIs—compose compliance and inventory queries across AWS, Azure, GCP, GitHub, Okta, and hundreds of plugins.
Security & Privacy
Lynis
Host-based security auditing for Unix: misconfigurations, packages, SSH, kernel hardening hints.
Security & Privacy
Syft
CLI and library for generating SBOMs (SPDX, CycloneDX) from images, directories, and archives.
Security & Privacy
Greenbone Community Edition (OpenVAS)
Full vulnerability management stack: OpenVAS scanner, Greenbone Vulnerability Manager, feeds, and web UI for scan management.
