osquery is a SQL-driven operating system analysis and monitoring framework that supports OS X and Linux systems. It helps monitor and analyze the low-level operating system and makes performance monitoring more intuitive. The changes in version 4.1.0 are as follows:
New Features / Under the Hood improvements
- Restored extension SDK and build support
- Improved documentation
- Added more tests throughout the code base
- Allowed more Linux Audit settings to be configured through flags
- Added the logger_tls_max_lines flag
- Added support for AWS Session Token
Build
- OpenSSL upgraded to 1.0.2t on all platforms
- Use SQLite 3.29.0 on Windows and macOS
- Build aws-sdk-cpp from source on Windows and macOS
- Added a variety of code quality checks and utilities
Bug Fixes
- The Windows MSI now sets ErrorControl to normal rather than critical
- Improved the use of submodules in CMake
- Fixed the macOS application-layer firewall table
- Fixed a problem with the BPF event table
- Refactored and improved the Linux PCI device table
- Indexed the processes table on Windows by PID
- Improved the performance of WHERE IN () queries
- Improved the internal HTTP client
Table Changes
- Added the alf_services table for Darwin (Apple OS X)
- Added the connectivity, default_environment and windows_security_products tables for Microsoft Windows
For details, see the release notes: