osctrl
What is osctrl?
osctrl is a fast and efficient osquery management solution, implementing osquery's remote API as a TLS endpoint.
With osctrl you are able to:
- Monitor all your systems running osquery,
- Distribute osquery configuration fast across all your enrolled nodes,
- Collect all the status and result logs, whether you want to store them or forward them to a different system (Splunk, ELK, Kafka, Graylog…),
- Run quasi-real-time on-demand queries on your selected enrolled nodes,
- Carve files or directories from your enrolled nodes.
osctrl has been designed to work as a scalable and reliable solution. It has been used successfully in networks ranging from hundreds to hundreds of thousands of nodes.
Give it a try!
https://github.com/jmpsec/osctrl