Endpoint telemetry
osquery-extensions
Collection of Trail of Bits extensions that expand what osquery can inspect and expose.
Best for
Teams already invested in osquery who want deeper endpoint coverage.
Surface
Endpoint telemetry
Catalog group
Inspect operating systems and endpoint surfaces
Repository
trailofbits/osquery-extensions
From the README
This repository includes osquery extensions developed and maintained by Trail of Bits. If you would like to sponsor the development of an extension, please contact us. Extensions are a type of osquery add-on that can be loaded at runtime to provide new virtual tables. The extensions interface allows organizations to implement proprietary detection methods, or address their individual needs.
Related tools · Inspect operating systems and endpoint surfaces
- Linuxevents: eBPF-based monitoring without shipping kernel headers or a stack of environment-specific bytecode artifacts.
- ebpfpub: Monitors system and library calls across multiple kernel versions with minimal runtime dependencies.
- ebpf-verifier: Research prototype for running the eBPF verifier outside the live kernel to make cross-version testing practical.
- winchecksec: Static inspection of Windows binaries for mitigations like DEP, ASLR, and code integrity.
- pe-parse: Minimal, security-focused parser for Portable Executable files built to survive malicious or malformed inputs.