If you have questions on SQL syntax outside of what’s included in this SQL for osquery tutorial, I recommend as a great reference tool.

Before we jump in, it is helpful to know about dot commands in osquery. As a reference, osquery uses a SQLite syntax.
Note: This demonstration assumes an extremely basic knowledge of system administration and SQL, and that you already have osquery installed on your system.

“Think of this as your SQL for osquery 101 - to be used as your “what now” guideline immediately following your osquery installation.”

SQL 101 - SQL Introduction for osquery

I’ve tried to apply a logical progression for learning simple to complex SQL query structure as it applies to the first few days/hours of tinkering with osquery. What we’ll explore here in both video and written format is a SQL introduction for osquery filtered by what we’ve learned through a variety of deployment experiences. These docs are certainly helpful, but don’t necessarily follow an early learner’s natural progression.
Those who’ve dabbled in osquery already - or are actively considering it - have likely perused the SQL introduction for osquery documents provided on the osquery website.

(Image: SQL second most used programming language based on survey results from )

But even if many people “know” SQL and have used it to query a database before, thinking through how it could be used to query an endpoint is a relatively unfamiliar application, made possible only a short four years ago thanks to the open-source project, osquery.