The goal of this project is to provide community-inspired use cases that leverage the visibility of the EclecticIQ endpoint solution. The EclecticIQ endpoint osquery-based agent and the EclecticIQ osquery extension provide unrivaled visibility into file, process, user, registry, and network events for all server, workstation, laptop, and container endpoints.
While the content is aligned to the EclecticIQ platform, many of the queries may also function on generic osquery deployments. Given there is no single repository collecting such queries, EclecticIQ is providing open access to all queries in support of the osquery community.
You will need an EclecticIQ endpoint platform installed. You can either download the free version here or speak with EclecticIQ about a commercially available version that includes additional features and functionality.
All content should be tested in a lab environment before executing against anything in production.
The EclecticIQ community is an open community, and we welcome your involvement. If you're interested in becoming a contributor, check out these resources:
- Join our Slack channel and get involved with the community. Don't forget to review the code of conduct before you join.
- Report bugs and request new features by submitting an issue.
- Read our contribution guide for more information about contributing directly to this repository.
- Check the license for information regarding the distribution and modification of content.
Other locations providing queries are listed below. These sites have not been individually validated, so review their content before executing it in your environment. Listed alphabetically: