Osquery logo

Osquery

Endpoint Security (Antivirus/EPP)

Open Source
OpenFrame Selected
Free Tier
Self-hosted
OpenMSP Score
48
26
Reddit Impact Score
Github Score
314M
23KStars
2KForks
6KCommits
OtherLicense
Jul 2, 2026Last commit
Osquery is a powerful open source operating system instrumentation framework that provides a unique approach to endpoint security and system monitoring. Originally developed by Facebook in 2014 and now maintained by the Linux Foundation, Osquery transforms operating systems into relational databases, enabling SQL-based queries for comprehensive system visibility. Key capabilities include: • SQL-Based Querying: Use familiar SQL syntax to extract detailed system information across endpoints • Cross-Platform Support: Native support for Windows, macOS, Linux, and FreeBSD operating systems • Comprehensive Data Collection: Monitor running processes, network connections, file hashes, user logins, hardware events, and system configurations • Real-Time Monitoring: Continuous event collection including file modifications, process execution, and system changes • Security Applications: Threat hunting, incident response, compliance auditing, and anomaly detection • Extensible Architecture: Thrift-based extensions API for custom tables and functionality • Universal Agent: Single agent solution that normalizes data across different operating systems • Integration Ready: Export capabilities with existing security tools and SIEM platforms Osquery serves as both an interactive command-line tool (osqueryi) and a daemon service (osqueryd) for scheduled queries. With over 272 available tables, it provides unprecedented visibility into endpoint activities, making it essential for security teams conducting investigations, compliance monitoring, and proactive threat detection across diverse operating environments.
image media
1 / 2

Key Features

SQL-based OS queries

Exposes operating system information as a relational database queryable with SQL, making system interrogation accessible to analysts.

Real-time monitoring events

Event-based tables capture system changes in real-time including file modifications, process launches, and network connections.

File integrity monitoring

Monitors specified files and directories for changes with hashing and attribute tracking for detecting unauthorized modifications.

Cross-platform support

Consistent SQL interface across Windows, macOS, Linux, and FreeBSD enabling unified fleet querying regardless of OS.

Performance metrics collection

Gathers detailed performance data including CPU, memory, disk, and network statistics for capacity planning and anomaly detection.

Configuration assessment queries

Pre-built queries assess security configurations against benchmarks like CIS with continuous compliance monitoring capabilities.

Pros and Cons

Pros

SQL interface

Innovative SQL interface for system information

Open source

Fully open source with active community

Cross-platform

Works across Windows, macOS, and Linux

Low footprint

Lightweight with minimal system impact

Integration friendly

Easy integration with other security tools

Cons

Not a complete EDR

Visibility tool rather than complete EDR solution

Limited response

Limited automated response capabilities

Query expertise

Requires SQL and system knowledge

Management overhead

Requires additional tools for fleet management

Feature Comparison

Comments

No Comments Yet

Be the first to share your experience with Osquery.

Frequently Asked Questions

Getting Started

OpenMSP is The MSP Knowledge Hub & Community Platform designed specifically for Managed Service Providers seeking to optimize their technology stack, reduce vendor costs, and discover open-source alternatives. We combine a comprehensive vendor directory, open-source solution catalog, and integrated community discussions to help MSPs make informed decisions.
Yes, completely free. Browse vendors and tools, read comparisons, and join community discussions - no cost, no registration required. OpenMSP is community-supported and focused on empowering MSPs to reduce costs and improve operational efficiency through open-source technology.
We help MSPs identify cost-effective alternatives to expensive commercial solutions, provide transparent vendor information, and connect you with proven open-source alternatives. Our platform enables MSPs to make informed decisions about their technology investments.
No account required for browsing vendors, reading comparisons, or accessing community content. Creating a free account with SSO (Microsoft, Google, or Slack) allows you to participate in discussions and save your favorite tools.

Platform Information

OpenMSP is currently community-supported. We focus on providing value to the MSP community first. Any future monetization will keep the core platform free for MSPs while maintaining our independence and commitment to unbiased information.
We focus exclusively on MSP needs with transparent vendor information and open-source alternatives. No vendor partnerships or sponsored listings - just honest, community-driven information to help MSPs make better technology decisions. Our biggest value is our community where MSPs help each other with questions, setup guidance, and sharing real-world experiences.
Our community of MSP professionals helps verify and update information. We also maintain direct research on tools and vendors to ensure accuracy. Community members can report outdated information, and we work to keep everything current.
OpenMSP was founded by Michael Assraf, who has extensive experience in the MSP industry and product leadership. As the former CEO & Founder of Vicarius, Michael grew a startup from $0 to $9M ARR with 500+ customers and deep experience working with MSPs, partners, and fundraising. OpenMSP represents his commitment to empowering the MSP community through better technology decisions and cost optimization.

Open-Source Tools & Alternatives

We assess tools based on active development, community size, documentation quality, production deployments by MSPs, and available support options. Tools must meet strict criteria for reliability and enterprise readiness.
Many open-source projects offer multiple support options including community forums, commercial support from vendors, professional services, and our community discussions where experienced MSPs share implementation guidance.