Facebook Builds Open-Source Osquery for Security Insight
The tool is designed to expose what's going on inside an OS. Osquery, Facebook's new open-source framework, could give enterprises new security insight.

Facebook today announced a new open-source framework, called osquery, that could yield new security insight for enterprises. Osquery is designed to turn operating system information into a format that can be queried using standard SQL statements.

"Osquery exposes an operating system as a high-performance relational database," Facebook developer Mike Arpaia wrote in a Facebook note. "This design allows you to write SQL-based queries efficiently and easily to explore operating systems."

While osquery makes use of SQL, the technology is not backed by an actual database, though it is designed to behave as though one were present. Instead, the osquery platform converts SQL queries into low-level operating system calls that gather the answers on demand, so the "tables" reflect the live state of the machine at query time. The osquery tables themselves are created using an API built by Facebook that leverages the Python and C++ programming languages.

Among the tools Facebook is providing as part of the osquery open-source effort is the osqueryi interactive query console. According to Facebook's GitHub page on the tool, "osqueryi lets you run commands and query osquery tables."
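To make the "operating system as a relational database" idea concrete, here are two queries of the kind an analyst would type into osqueryi. They are an added example written for this article, not code from Facebook's announcement or the osquery repository, and they assume osquery's standard processes, listening_ports and users tables with their documented column names (pid, name, path, cmdline, uid, on_disk; pid, port, protocol, address; uid, username). The first shows why exposing the OS as tables matters: a join replaces three separate tool invocations (netstat, ps and a user lookup). The second is a classic hunting query built on the same tables.

```sql
-- Added example (not from the article or the osquery project). Assumes the
-- standard osquery tables `processes`, `listening_ports` and `users` and the
-- column names listed in the lead-in above.

-- 1. Every TCP listener on the host, joined to the process that owns the
--    socket and the account that process runs as. Without the relational
--    view this takes netstat + ps + a user lookup and manual correlation.
SELECT p.pid,
       p.name,
       p.path,
       p.cmdline,
       u.username,
       lp.address,
       lp.port
FROM listening_ports AS lp
JOIN processes AS p ON p.pid = lp.pid
LEFT JOIN users AS u ON u.uid = p.uid
WHERE lp.protocol = 6        -- 6 = TCP (17 would be UDP)
  AND lp.port != 0           -- skip sockets that are not actually bound
ORDER BY lp.port;

-- 2. Running processes whose executable is no longer present on the disk.
--    A binary deleted after launch is a common trait of malware trying to
--    remove evidence of itself, so a non-empty result here deserves a look.
--    on_disk is 1 when the file exists, 0 when it does not, -1 when unknown.
SELECT pid, name, path, cmdline, uid
FROM processes
WHERE on_disk = 0;
```

Typed into osqueryi, each statement returns a result table immediately, because the table providers are evaluated against the live system when the query runs rather than read from stored data. The same SQL can be placed in the schedule section of the osqueryd daemon's JSON configuration with a polling interval, in which case the daemon runs it periodically and writes the results to its log for collection by whatever log pipeline or SIEM the organization uses.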
From a logging perspective, the osquery platform enables an administrator to specify which queries should run on a schedule and have their results logged to the filesystem. Those logs can in turn be forwarded to a security information and event management (SIEM) platform, so osquery data can be correlated with the rest of an organization's security telemetry.