OSquery is an open source tool that uses basic SQL commands to leverage a relational data-model to describe a device. They are the most downloaded security repo on GitHub and were developed by Facebook Engineers.
OSQuery provides a simple PKG to push out the software. Using Addigy, we can push this out silently to all our machines quite easily.
1. Download the PKG from their official webpage.
(At the time of this article they were on 3.2.6)
Now that we have the PKG, Lets create a Custom Software item with this PKG. We'll deploy this Custom Software item to our machines after it's complete.
2. Navigate to Policies -> Catalog -> Custom Software -> Add Software
This will bring up the modal to create your Custom Software. Set a Name, and Version then press Create.
3. Lets configure our Custom Software
From here, Upload your file on step 2,
then press the Play button under instruction,
this will auto generate a installation script for you.
Once thats complete, this is the minimum configuration needed, you can now save your custom software.
4. Now lets add that custom software to our policies.
Navigate to your policy (mine is Joel's Test)
Add your OSQuery Custom Software,
then Deploy Changes,
And your done!
Here's a small example of the power of OSQuery, more examples can be found on their website.
If you have an Addigy account and have additional questions, you can create a ticket by emailing firstname.lastname@example.org.
Alternatively, you can submit a support request within Addigy.