Fleet logo
Menu An icon indicating that interacting with this button will open the navigation menu.
Fleet logo An 'X' icon indicating that this can be interacted with to close the navigation menu.
Multi platform
Device management   (+ MDM) Orchestration   (+ monitoring) Software management   (+ CVEs) Integrations

Docs
Stories
News Ask around Share your story COMPANY
The handbook What people are saying

Pricing Schedule a demo
Multi platform
Device management + MDM Orchestration + monitoring Software management + CVEs, usage, app library Integrations
Docs
Stories
News Ask around Schedule a demo Share your story COMPANY The handbook What people are saying
Pricing Try it yourself
{{categoryFriendlyName}}/
{{thisPage.meta.articleTitle}}
search

Osquery: a tool to easily ask questions about operating systems

{{articleSubtitle}}

| The author's GitHub profile picture

Kelvin Omereshone

Share this article on Hacker News Share this article on LinkedIn Share this article on Twitter

On this page

{{topic.title}}
Docs Docs REST API REST API Guides Guides Talk to an engineer Talk to an engineer
Suggest an editSuggest an edit

Try it out

See what Fleet can do

Start now
macOS Windows Linux

Osquery: a tool to easily ask questions about operating systems

{{articleSubtitle}}

| The author's GitHub profile picture

Kelvin Omereshone

Osquery: a tool to easily ask questions about operating systems

osquery

What is osquery?

Osquery is an easy-to-use operating system monitoring tool that uses SQL to expose a device’s operating system as a highly performant relational database. But what does that mean? In short, osquery allows you to ask questions about your operating system. More than that, though:

  • Osquery is compatible with any operating system and unifies how we ask questions across Windows, macOS, and Linux distributions like Ubuntu or Debian.
  • It gives access to the underlying state of an operating system.
  • It’s fast and lightweight.
  • It’s open-source and easy to use by folks of varying technical skill levels.
  • It’s a single-agent solution for meeting many of the needs of security and admin teams — who typically have to deploy and manage several proprietary and expensive device management tools.
  • And lastly, it’s a breath of fresh air compared to other operating system monitoring tools, which often have complicated learning curves and consume many system resources.

With simple SQL statements, osquery can easily pull information about an operating system’s status and health, from something simple, such as getting the uptime data for a MacBook, or checking its battery health, to checking for vulnerabilities on your CentOS servers.

What can you use osquery for?

So, we’ve established that osquery is a powerful, flexible tool that uses SQL to get real-time data to monitor and manage devices. Now let’s look at some of its uses.

Osquery for vulnerability management

With osquery, you can easily monitor devices for vulnerabilities and misconfigurations. osquery-a-tool-to-easily-ask-questions-about-operating-systems

  • Check for security misconfigurations.
  • See if unwanted or malicious applications or extensions are running.
  • Verify the status of firewalls and drive encryption.
  • Check for outdated or vulnerable operating system and software versions.

Osquery for incidence response / digital forensics

Use osquery to investigate devices accurately, in real-time, and then feed your osquery data into your SIEM (Security Information and Event Manager) of choice. Incident responders can use these event logs to help them detect any digital footprints left behind by intruders and respond to threats swiftly before they become an emergency.

  • Osquery for support teams / CPEs (Client Platform Engineers)
  • Osquery support teams can quickly diagnose issues with any device in their fleet by querying that device for information.
  • For Client Platform Engineers(CPEs), osquery helps make it easy to diagnose a device remotely once you deploy osquery at scale.

Osquery for Zero Trust

In the wake of Covid-19, there’s been an extremely high occurrence of breaches. Implementing Zero Trust Support teams with osquery can help them quickly diagnose issues with a specific device in their fleet.

How to install osquery

This article is only a high-level look at what osquery is capable of. If you are interested in trying out osquery for yourself, follow the installation guides for macOS, Windows, Linux, and FreeBSD.

Deploy osquery at scale

To deploy osquery at scale across your organization’s devices, an osquery manager, such as Fleet, is required. Fleet makes osquery easy to deploy and scales to your organization’s needs. With Fleet, you can supercharge osquery to:

  • Maintain secure laptops and servers.
  • Interpret incidents accurately and make decisions using real-time device data.
  • Notify your team when a CVE is detected.
  • Verify changes made with other systems in your security environment.
  • Keep an accurate inventory of all your devices and software, including those with vulnerabilities.
  • Meet compliance goals.
  • Automate security workflows in a single application.

A screenshot of the Fleet UI

Ready to give Fleet a try? Head over to our try Fleet page, and you can be up and running with a preview environment in less than 5 minutes. Or you can check out the docs to learn how to deploy Fleet across your organization.

Fleet logo
Multi platform Device management Orchestration Software management Integrations Pricing
Documentation Support Docs API Release notes Get your license
Company About News Jobs Logos/artwork Why open source?
ISO 27001 coming soon a small checkmarkSOC2 Type 2 Creative Commons Licence CC BY-SA 4.0
© 2025 Fleet Inc. Privacy
Slack logo GitHub logo LinkedIn logo X (Twitter) logo Youtube logo Mastadon logo
Tried Fleet yet?

Get started with Fleet

Start
continue
×