An Introduction to Osquery

What is osquery?

Osquery is an incredibly powerful and flexible endpoint detection and observability tool. It exposes an OS as a relational database that can be queried using a SQL-like query language. With it, a huge range of security, compliance, and even sysadmin tasks can be carried out.

How do I run osquery?

Osquery generally supports two modes of operation: an interactive shell mode (the executable osqueryi) and a daemonized service (the executable osqueryd).

By Michael Ell
January 5, 2024