We stand with Ukraine to help keep people safe. Join us
All Apps
Best AppsReviewsComparisonsHow-To
When you purchase through links on our site, we may earn an affiliate commission

osquery for Mac

Query your devices like a database.

Free
In English

osquery overview

osquery uses basic SQL commands to leverage a relational data-model to describe a device.

Processes running without a binary on disk

Frequently, attackers will leave a malicious process running but delete the original binary on disk. This query returns any process whose original binary has been deleted, which could be an indicator of a suspicious process.

Three things you should know about osquery
  • It's fast and tested: Our build infrastructure ensures that newly introduced code is benchmarked and tested. We perform continuous testing for memory leaks, thread safety, and binary reproducibility on all supported platforms.
  • It runs everywhere: Windows, macOS, CentOS, FreeBSD, and almost every Linux OS released since 2011 are supported with no dependencies. osquery powers some of the most demanding companies, including Facebook.
  • It's open source: Osquery is released under the Apache License. Ever since we open-sourced it in 2014, organizations and individuals have contributed an ever-growing list of impressive features, useful tools, and helpful documentation.

What’s new in version 5.12.2

Bug Fixes
  • Revert Don't add ATC table name to registry until after sqlite DB initialization #8233 (#8334)
Build
  • CI: Fix macOS python dependencies install step (#8308)
View older osquery versions

osquery for Mac

Free
In English
Version 5.12.2
Write a detailed review about osquery

Write your thoughts in our old-fashioned comment

MacUpdate Comment Policy. We strongly recommend leaving comments, however comments with abusive words, bullying, personal attacks of any type will be moderated.
0.0

(1 Reviews of osquery)

  • Comments

  • User Ratings

Just-Fred
Just-Fred
May 3 2023
5.8.2
0.0
May 3 2023
0.0
Version: 5.8.2
I finally found a use for OSQUERY. Or perhaps I should say, found a product that uses it: Vanta. Vanta is a SOC 2 compliance tool that once installed on a workstation, monitors for "un-binaried" processes (processes for which there isn't an app; malware) and other items that may raises suspicions. Vanta is effectively spyware, so I'd only put it on company-provided hardware, and there isn't (to my knowledge) any end-user purpose. Still, OSQUERY is the basis for how Vanta works. There may be some applicability for geeky types who wish to dig into the innards of their macOS.
Help the community
There are no ratings yet, be the first to leave one

How would you rate osquery?