There are three properties that differentiate osquery from other technologies; osquery is “platform agnostic”, meaning it can run on a wide array of machines. Osquery is also extremely scalable, as it has been used over at Facebook, demonstrating that it can run on one machine or hundreds of thousands of machines. Finally, osquery is an open source project, meaning that the community is doing much of the development and pushing the technology forward.
This lighting talk demonstrates the value of osquery as an open project, especially in security settings. While only scratching the surface of osquery, Jason does a great job explaining the factors that are making osquery one of the most important open source projects available today while painting a broad picture of the platform’s capabilities and uses.