osquery

"SQL powered operating system instrumentation, monitoring, and analytics."

oquery runs locally and allows you to inspect your host using sql queries. Tables exist for a variety of useful data, such as file hashes, process list, last user login, etc..

Links

• https://github.com/facebook/osquery
• https://osquery.readthedocs.io
• https://osquery.io/schema/
• https://github.com/UtahDave/salt-vagrant-demo
• https://www.digitalocean.com/community/tutorials/how-to-monitor-your-system-security-with-osquery-on-ubuntu-16-04
• https://kolide.com/fleet - osquery fleet/cluster system