This repo contains a security whitepaper on osquery for Mac management in PDF, Pages, and preliminary Markdown formats.
Facebook started the osquery project after assessing the products available to secure their production Linux servers and Mac fleet. Nothing on the market gave them adequate performance and deep inspection via native APIs, or let them discover the state of systems while subscribing to events at scale (hundreds of thousands of systems). This whitepaper details the use of osquery specifically on Macs.