osquery 2.7 release: SQL powered operating system instrumentation, monitoring, and analytics
osquery is an operating system instrumentation framework for OS X/macOS, Windows, and Linux. The tools make low-level operating system analytics and monitoring both performant and intuitive.
osquery exposes an operating system as a high-performance relational database. This allows you to write SQL-based queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.
Change log v2.7:
New features in 2.7.0
#3506 FSEvents on macOS will monitor mount events within already-monitored directories
#3503 OpenBSM events are monitored as process_events on macOS
#3265 Add RapidJSON integration as a boost property tree replacement
#3530 Implement excluded paths for file integrity monitoring (FIM) on Linux and macOS
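To show what the new macOS process event source gives you, here is an added example query (written for this page, not from the osquery project) that a practitioner could schedule against process_events: it lists recent executions out of the temp directories, which on macOS are both /tmp and its real location /private/tmp, and joins the hash table so each reported binary is fingerprinted. The path prefixes and the one-hour window are this example's assumptions; note that the WHERE clause combines two LIKE predicates in one query, the kind of predicate handling that #3580 in the bug-fix list below addresses.

```sql
-- Added example: recent process executions from temp directories on macOS,
-- each with the SHA-256 of the executed file. Column names are osquery's.
SELECT
  pe.time,
  datetime(pe.time, 'unixepoch') AS started,
  pe.pid,
  pe.parent,
  pe.uid,
  pe.path,
  pe.cmdline,
  h.sha256
FROM process_events AS pe
-- The hash table requires a path constraint; the join supplies it per row.
-- LEFT JOIN keeps events whose binary was deleted before it could be hashed.
LEFT JOIN hash AS h ON h.path = pe.path
WHERE (pe.path LIKE '/tmp/%' OR pe.path LIKE '/private/tmp/%')  -- assumed watch list
  AND pe.time > (strftime('%s', 'now') - 3600)                   -- assumed window: last hour
ORDER BY pe.time DESC;
```

Because process_events is an evented table, the rows are consumed from osquery's event buffer rather than re-read from the OS, so schedule the query at an interval shorter than the buffer's expiry to avoid losing events.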
Bug fixes
#3517 Wait for each extension before respawning
#3553 and #3552 Fixing memory leaks in virtual tables
#3534 Improve macOS process start_time column
#3539 Fix sizes for block_devices on macOS and Linux
#3574 Display correct UID for processes for Domain Users on Windows
#3580 Fix handling of multiple LIKE and GLOB predicates
and more.