
Introducing osquery for Windows - megahz
https://m.facebook.com/notes/protect-the-graph/introducing-osquery-for-windows/1775110322729111/
======
jaytaylor
I'm feeling confused.. like I've seen this in the past [0] [1] [2] but had no
idea the project was affiliated with Facebook. Oh wait, I was thinking of
envdb [3].. and meanwhile envdb is renamed to Kolide [4] and is targeting
"osquery command and control".


[0] [https://github.com/osquery/osquery-python](https://github.com/osquery/osquery-python)

[1]
[https://encrypted.google.com/search?q=site%3Anews.ycombinato...](https://encrypted.google.com/search?q=site%3Anews.ycombinator.com+osquery)

[2]
[https://news.ycombinator.com/item?id=8528460](https://news.ycombinator.com/item?id=8528460)

[3]
[https://news.ycombinator.com/item?id=9324717](https://news.ycombinator.com/item?id=9324717)

[4] [https://github.com/kolide/kolide](https://github.com/kolide/kolide)

~~~
zwass
I'm one of the founders of Kolide. Hopefully I can clarify these issues.

osquery ([https://osquery.io/](https://osquery.io/)) is an endpoint
instrumentation project from Facebook. It exposes system internals in a SQL
interface (using SQLite internally) so that you can join disparate sources of
data about system state. It originally launched with Linux and OSX support,
and this announcement brings Windows support (though no pre-built binaries
yet). The beauty of this is that we will soon be able to use the same, open-
source endpoint instrumentation tool on a huge range of hosts.

Kolide ([https://kolide.co/](https://kolide.co/)) aims to unlock the power of
osquery's instrumentation through a unified command and control interface.
Mike Arpaia (another Kolide founder) and I have been working on osquery since
Mike started the project at Facebook. We believe strongly in osquery as a
cross-platform open-source agent, and we feel that a proper management
solution will greatly improve the impact of osquery. Soon, Kolide will enable
security, devops, IT and compliance teams to gain insight and take action
across their infrastructure.

EnvDB was a prototype project that led to the formation of Kolide.

Note: We write Go and JS and are hiring engineers who are interested in
solving security problems and working on open source. Remote possible.
([https://angel.co/kolideco/jobs](https://angel.co/kolideco/jobs))
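To make the "join disparate sources of system state in SQL" point concrete, here is an added example that is not part of the thread or of the osquery project: the osquery-style query below lists every process listening on a non-loopback address together with the account it runs as, by joining the `listening_ports`, `processes` and `users` tables. Since osquery evaluates queries with SQLite, the example runs the same SQL against an in-memory SQLite database loaded with constructed rows (a subset of the real tables' columns; the pids, paths and ports are made up, not captured from a host). The `LEFT JOIN` is deliberate: a listener owned by a uid with no `users` row still appears, with a NULL username, instead of silently vanishing.

```python
import sqlite3

# Constructed sample rows shaped like osquery's processes, listening_ports and
# users tables (only the columns the query needs). Not captured from a live host.
PROCESSES = [
    # pid, name, path, uid
    (1, "systemd", "/usr/lib/systemd/systemd", 0),
    (412, "sshd", "/usr/sbin/sshd", 0),
    (2210, "nginx", "/usr/sbin/nginx", 33),
    (3104, "python3", "/usr/bin/python3", 1000),
    (5001, "nc", "/usr/bin/nc", 1001),  # uid 1001 has no users row (assumed case)
]
LISTENING_PORTS = [
    # pid, port, protocol (6 = TCP), family (2 = AF_INET), address
    (412, 22, 6, 2, "0.0.0.0"),
    (2210, 80, 6, 2, "0.0.0.0"),
    (3104, 8000, 6, 2, "0.0.0.0"),
    (3104, 6000, 6, 2, "127.0.0.1"),  # loopback only; filtered out below
    (5001, 9000, 6, 2, "0.0.0.0"),
]
USERS = [
    # uid, username
    (0, "root"),
    (33, "www-data"),
    (1000, "alice"),
]

# The query itself uses only real osquery table and column names, so it can be
# pasted unchanged into osqueryi. LEFT JOIN keeps listeners whose owning uid is
# unknown to the users table; an inner join would drop them.
LISTENERS_QUERY = """
SELECT p.pid, p.name, p.path, lp.port, lp.address, u.username
FROM listening_ports AS lp
JOIN processes AS p USING (pid)
LEFT JOIN users AS u ON p.uid = u.uid
WHERE lp.port != 0
  AND lp.address NOT IN ('127.0.0.1', '::1')
ORDER BY lp.port;
"""


def build_db():
    """Create an in-memory SQLite database that mimics the three osquery tables."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE processes (pid INTEGER, name TEXT, path TEXT, uid INTEGER);
        CREATE TABLE listening_ports (pid INTEGER, port INTEGER, protocol INTEGER,
                                      family INTEGER, address TEXT);
        CREATE TABLE users (uid INTEGER, username TEXT);
    """)
    conn.executemany("INSERT INTO processes VALUES (?, ?, ?, ?)", PROCESSES)
    conn.executemany("INSERT INTO listening_ports VALUES (?, ?, ?, ?, ?)", LISTENING_PORTS)
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def network_listeners(conn):
    """Return (pid, name, path, port, address, username) for non-loopback listeners."""
    return conn.execute(LISTENERS_QUERY).fetchall()


if __name__ == "__main__":
    for row in network_listeners(build_db()):
        pid, name, path, port, address, username = row
        print(f"{port:>5}/{address:<10} pid={pid:<6} {name:<8} {path} user={username}")
```

Against the constructed rows the loopback-only port 6000 is dropped, and the `nc` listener on 9000 survives with `username` NULL, which is exactly the row a reviewer would want to look at first.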

------
foota
Can the link be changed from m.facebook.com to facebook.com?

~~~
digi_owl
I dunno, i find the m. version much more readable...

------
TheAnimus
This is quite nice to see, when I first heard about osquery, I thought "cool
WMI (well WQL) for Linux"

~~~
okket
For Linux & Co it is called OMI:
[https://github.com/Microsoft/omi](https://github.com/Microsoft/omi)

And it is just the API; you can layer osquery or PowerShell or Ansible or
whatever on top.

This free Pluralsight course about Powershell for Linux with its inventor
Jeffrey Snover has a module where they talk about DSC/OMI:

[https://www.pluralsight.com/courses/play-by-play-microsoft-open-source-powershell-linux-mac](https://www.pluralsight.com/courses/play-by-play-microsoft-open-source-powershell-linux-mac)

------
andreareina
This is very cool. I've recently come to a very sincere appreciation for SQL,
to the point that I've dumped data into an in-memory SQLite instance just to
do the analysis.

------
euphoria83
I use osquery for linux at my job. But I find its regex capabilities for
specifying paths and various file names very restrictive. I really want to use
this for FIM.

------
tkinom
Is anyone doing a GraphQL API for OsQuery for Windows?

------
revelation
So they have reinvented Windows Management Instrumentation (WMI)? I think it
even uses similar pseudo-SQL queries.

Thank you, I'll stay with the Microsoft solution that will still work in 10
years.

~~~
withzombies
The blog post by the team that did the port (Trail of Bits) mentions that it
uses WMI and shims the data into osquery.

[https://blog.trailofbits.com/2016/09/27/windows-network-security-now-easier-with-osquery/](https://blog.trailofbits.com/2016/09/27/windows-network-security-now-easier-with-osquery/)

