forensics-osquery
Official
SQL-powered endpoint forensics for rapid IR.
Author: AgentSecOps
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Osquery-based investigations enable security teams to quickly collect and analyze endpoint evidence using SQL queries, reducing time-to-insight during incidents.
Core Features & Use Cases
- SQL-based interrogation of processes, network connections, files, registry and persistence artifacts across Linux, macOS, and Windows.
- Prebuilt triage and threat-hunting workflows with guided playbooks and MITRE ATT&CK mappings.
- Use cases include rapid incident response, threat hunting, and post-incident forensic timeline construction.
Quick Start
Run the bundled triage script to collect forensic artifacts from the target endpoint and then execute the hunting workflow to map findings to MITRE techniques.
Dependency Matrix
Required Modules
None required
Components
scripts, references, assets
💻 Claude Code Installation
Recommended: let Claude install automatically. Copy and paste the text below into Claude Code.
Please help me install this Skill:
Name: forensics-osquery
Download link: https://github.com/AgentSecOps/SecOpsAgentKit/archive/main.zip#forensics-osquery
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.