In this room, I was introduced to Osquery, a powerful endpoint tool that lets analysts query a system like a database. I learned how to run SQL-style queries against endpoints to retrieve information about running processes, installed software, users, and more.
Working with Osquery helped me see how flexible it is for gathering endpoint data quickly and at scale. It was clear how valuable this tool is in both proactive hunting and reactive investigations, since it provides structured insight into what’s happening on a machine.
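To make the "SQL-style queries against endpoints" concrete, here are a few hunting queries in osquery's SQLite dialect. These are an added example, not content from the room or from the original write-up. The table and column names (`processes`, `listening_ports`, `users`, `hash`, `programs`) are osquery's own; which rows count as "worth a look" (deleted-from-disk binaries, non-loopback listeners, non-Microsoft publishers) is my assumption, not a rule the page states.

```sql
-- Added example (not from the room or the original write-up): four hunting
-- queries in osquery's SQLite dialect. Table and column names are osquery's;
-- which filters count as "suspicious" is my own assumption.

-- 1. Running processes whose executable has been unlinked from disk.
--    A binary that is gone while its process still runs is worth explaining:
--    in-memory payloads and self-deleting droppers produce exactly this.
SELECT pid, parent, name, path, cmdline, uid, start_time
FROM processes
WHERE on_disk = 0;

-- 2. Network listeners joined to their process and owning user.
--    protocol 6 = TCP, 17 = UDP; port 0 rows are unbound sockets.
--    Loopback-only listeners are filtered out (assumed uninteresting here).
SELECT p.pid,
       p.name,
       p.path,
       u.username,
       lp.port,
       CASE lp.protocol WHEN 6 THEN 'tcp' WHEN 17 THEN 'udp' ELSE lp.protocol END AS proto,
       lp.address
FROM listening_ports AS lp
JOIN processes AS p USING (pid)
LEFT JOIN users AS u ON u.uid = p.uid
WHERE lp.port != 0
  AND lp.address NOT IN ('127.0.0.1', '::1')
ORDER BY lp.port;

-- 3. SHA-256 of every running process binary, ready to match against
--    threat intelligence. The hash table needs a path constraint to do any
--    work; the join on p.path supplies one per row.
SELECT DISTINCT p.path, h.sha256
FROM processes AS p
JOIN hash AS h ON h.path = p.path
WHERE p.path != '';

-- 4. Installed software (Windows only: the programs table reads the
--    Uninstall registry keys; on Debian-based Linux use deb_packages instead).
--    Excluding Microsoft as publisher is an assumed noise filter.
SELECT name, version, publisher, install_date
FROM programs
WHERE publisher NOT LIKE '%Microsoft%'
ORDER BY install_date DESC;
```

Each query can be pasted into the interactive `osqueryi` shell, or run non-interactively with `osqueryi --json "SELECT ..."` to get JSON that a SIEM or script can consume. The same statements placed in an `osqueryd` schedule are run on an interval and logged as differentials, which is what turns a one-off investigation query into a standing detection across a fleet.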
