packetzero

dnsparser

Simple C++ DNS payload parser

libntstat

C++ library for com.apple.network.statistics kernel events on MacOS/OS X/Darwin

kafka.cr

crystal-lang wrapper around kafka C library

osquery_aws_notes

Best Practices and Integration Testing osquery AWS Logger

crow

C++11 lib for binary encoder/decoder. Like protobuf without needing .proto files

osq_config_report

A tool to generate hyperlinked static HTML from osquery configs and packs

vsqlite_serialize

A self-contained C++ module for osquery-like applications to serialize results, determine differential results, and have flexible protocols.

atomic-harness

A tool to run and validate telemetry for Atomic Red Team tests

atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

atomic-validation-criteria

auditutils

code1920

conveyor

C++11 library : efficient event cache for osquery agent with multiple read cursor support

csvtoker

Simple C++ CSV line parser

diwebapp

dyno

Dynamic C++ objects for osquery

edarr-deps

falco_builder_ubuntu

fring_bench

Comparison of JSON vs Binary record encoding performance tests with fring

go-atomicredteam

go-atomicredteam is a Golang application to execute tests as defined in the atomics folder of Red Canary's Atomic Red Team project (https://github.com/redcanaryco/atomic-red-team).

gorm-test

libetw

Simple C++ library for Windows ETW event access

mason

Cross platform package manager for C/C++ apps

notes

osquery

SQL powered operating system instrumentation, monitoring, and analytics.

prettysql

SQL Pretty printer using simplesql C++ library, with optional schema awareness

simplesql

C++ library for parsing, evaluating simple SQLite queries and expressions

third-party

All of the dependencies that osquery needs that don't have nice packages

vsqlite

C++11 library for using sqlite3 with virtual tables

yara

The pattern matching swiss knife