OSQUERY

Aneesharokkiasamy
3 min read, May 27, 2022


Do you want to know about operating system data such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events, file hashes and installed applications? If yes, this post will help you. In this blog I'm going to share an awesome tool used to gather information about the operating system.

We are already familiar with databases. What does a database do? It is a storage container for all kinds of data, and we can retrieve that data whenever we need it. When we say "database", the tool that comes to mind is SQL, which is used to store and retrieve the data.

SQL (Structured Query Language) is used to store and manipulate data in a database; which rows come back depends on the query. osquery uses the same SQL syntax, but instead of querying data you stored earlier, it queries the live state of the operating system.

What is OSQUERY?

osquery is an open-source tool originally developed at Facebook (it is now hosted by the Linux Foundation). It is a monitoring framework that provides detailed visibility into the operating system, processes and network connections of a computer. If you're familiar with SQL syntax, it is easy to query your infrastructure with it. It can be installed on multiple platforms, including Windows, Linux and macOS, which is an advantage for both IT and security operations.

It effectively lets you fetch operating system state as if it were rows in a database. The tables are virtual: nothing is stored, and each table's rows are generated from OS APIs at the moment you run the query. You can execute SQL queries from the command line or from an interactive console.

Some other tools that utilize osquery are listed here.

  • AlienVault: the AlienVault agent is based on osquery.
  • Cisco: Cisco AMP (Advanced Malware Protection) for Endpoints utilizes osquery through Cisco Orbital.

You can install osquery by following the instructions here: https://osquery.readthedocs.io/en/stable/

Exploring SQL Queries

Once osquery is installed, type osqueryi at a command prompt. This gives you access to the osquery virtual database: osqueryi is osquery's interactive query console (shell). It does not need root privileges to start, but some tables (for example shadow on Linux, or process details belonging to other users) return empty or incomplete results unless the shell is run as root or Administrator, so check your results with elevated privileges before concluding that something is absent.

We already know that in a database the data is stored in tables made of rows and columns. In osqueryi, the meta command .tables lists all the available tables, and .schema followed by a table name (for example .schema processes) shows the columns of that table.

Here are some example osquery queries.

Let's find out which users have an account on the system:

SELECT * FROM users;

This query displays the list of user accounts known to the system, such as guest, Admin and other users.

If you want to find out which processes are running in the background, use this query:

SELECT * FROM processes;

This query displays every process running on the operating system, including its pid, name, path, parent pid and command line.

If you want to know the OS version using osquery, here's the query:

SELECT version FROM os_version;

To find out who is currently logged in to the system, use this query:

SELECT * FROM logged_in_users;
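The queries above each read a single table, but the real power of osquery is joining tables the way you would in any SQL database. The following is an added example, not code from the original post or from the osquery project. Every table and column it uses (processes, listening_ports, users, process_open_sockets, hash) is a real osquery table; the filter values (the /tmp path, the loopback addresses) are illustrative choices, and query 3 assumes Linux or macOS.

```sql
-- Added example (not from the original post): joining osquery tables in
-- osqueryi. Tables and columns are real osquery schema; the filter values
-- ('/tmp/%', the loopback address list) are illustrative choices.

-- 1. Which process is listening on which TCP port, and which user owns it.
--    listening_ports.protocol is the IP protocol number (6 = TCP, 17 = UDP).
SELECT p.pid, p.name, p.path, u.username, lp.address, lp.port
FROM listening_ports AS lp
JOIN processes AS p USING (pid)
LEFT JOIN users AS u ON u.uid = p.uid
WHERE lp.protocol = 6 AND lp.port != 0
ORDER BY lp.port;

-- 2. Running processes whose executable has been deleted from disk
--    (on_disk = 0), a common trait of malware that drops, runs and removes
--    its own binary.
SELECT pid, name, path, parent, cmdline
FROM processes
WHERE on_disk = 0;

-- 3. Processes running out of /tmp (Linux/macOS), with the SHA-256 of the
--    binary. The hash table is virtual: it hashes whatever path it is
--    joined on at query time, so no hashes are stored anywhere.
SELECT p.pid, p.name, p.path, h.sha256
FROM processes AS p
JOIN hash AS h ON h.path = p.path
WHERE p.path LIKE '/tmp/%';

-- 4. Processes holding a socket connected to a non-loopback remote host.
SELECT p.pid, p.name, s.local_port, s.remote_address, s.remote_port
FROM process_open_sockets AS s
JOIN processes AS p USING (pid)
WHERE s.remote_port != 0
  AND s.remote_address NOT IN ('127.0.0.1', '::1', '0.0.0.0', '::');
```

Paste each query into osqueryi as-is. Rows from these joins are wide, so type .mode line in the shell (or start it as osqueryi --json) to get one field per line or JSON instead of a truncated table. Remember the caveat from the previous section: without root or Administrator privileges, processes belonging to other users may be missing from queries 1 to 4, so an empty result is not proof that nothing suspicious is running.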

If you want to learn more about osquery and its syntax, refer to the osquery documentation linked above.

Thanks for Reading…
