Developer Seeks Feedback on Osquil, a Schema-Aware Query Workbench for Osquery
A developer has built Osquil, a query workbench designed to make working with osquery easier by addressing common pain points like missing autocomplete and poor schema visibility. The tool uses a CodeMirror-based editor integrated with the osquery schema to suggest tables, columns, and data types as users type, while a sidebar browser surfaces table documentation alongside queries. A built-in library of detection and incident response queries covering areas like persistence mechanisms, suspicious processes, and USB history provides starting points for investigations. Results can be sorted, filtered, and exported to CSV or JSON, and the developer is also experimenting with LLM-assisted query generation grounded in the actual osquery schema. The first version is nearly ready, and the developer is seeking feedback from users with hands-on osquery experience before publishing.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.