Available on winget

Install osquery

SQL powered operating system instrumentation, monitoring, and analytics.

Install with winget
winget install --id osquery.osquery
Upgrade
winget upgrade --id osquery.osquery
Uninstall
winget uninstall --id osquery.osquery

What's new in 5.23.1

This is a bug and security fix release.

What's Changed

Fixes
- Fix heap buffer overflow in Windows processes table by @seph in #8934
- Fix heap buffer overflow in Windows authenticode table by @seph in #8923
- Fix use-after-free in Linux process_file_events implementation by @zwass in #8950
- Fix incorrect permissions on temporary file carve directories by @zwass in #8961
- Fix documentation for process_open_handles table by @seph in #8853
- Fix subject2 and issuer2 columns for Windows certificates table by @getvictor in #8963

Full Changelog: 5.23.0...5.23.1

Version history

Version | Updated | Notes
5.23.1 | Unknown | This is a bug and security fix release. What's Changed Fixes - Fix heap buffer overflow in Windows processes table by @seph in #8934 - Fix heap buffer overflow in Windows authenticode table by @seph in #8923 - Fix use-af...
5.23.0 | Unknown | What's Changed Features - Add process memory scanning capability to yara table by @brian-mckinney in #8782 - Split yara tables into yara_process and yara_file by @brian-mckinney in #8835 - Add Windows process_open_handle...
5.22.1 | Unknown | 5.22.0 macOS binaries will not execute because the signing certificate is out of sync with the provisioning profile. 5.22.1 replaces it. What's Changed Features - Make escapeNonPrintableBytes UTF-8 aware by @nulmete in #...
5.21.0 | Unknown | What's Changed - Improvements to password_policy table by @zwass in #8705 - Improve file traversal performance and correctness by @Krechals in #8704 - Add support for Login Items and Background Services on modern macOS b...
5.20.0 | Unknown | What's Changed Features/Bugs - Add default path for CA certificate bundle on openSUSE by @iko1 in #8687 - Exclude config views from db migration by @Micah-Kolide in #8678 - Make vscode_extensions more consistently report...
5.19.0 | Unknown | What's Changed Features - Add table deb_package_files by @zwass in #8657 - Add system_profiler table for macOS by @zwass in #8645 - Add version collate to os_version table's version column by @Micah-Kolide in #8659 - Add...
5.18.1 | Unknown | Revert "Update Windows runner version in hosted_runners.yml (#8618)" (#8633)
5.17.0 | Unknown | 5.17.0 Git Commits What's Changed - Add CHANGELOG.md entry for 5.16.0 by @lucasmrod in #8548 - Add symlink_target_path to files tables by @DocEmmetBrown in #8502 - cve: Ignore libarchive CVE-2024-26256 by @Smjert in #854...
5.16.0 | Unknown | 5.16.0 Git Commits Representing commits from 7 contributors! Thank you all. Table Changes - Fix the python_paths table to skip unnecessary code paths when filtering by directory (#8544) - Added python packages in user di...
5.11.0 | Unknown | No notes
5.8.2 | Unknown | No notes
5.6.0 | Unknown | Table Changes - Add firmware_type column to platform_info on macOS (#7727) - Add additional vendor support for the windows wmi_bios_info table (#7631) - Fix docker_container_processes on macOS (#7746) - Fix process_file_...