What is osctrl?

osctrl is a fast and efficient osquery management solution, implementing its remote API as TLS endpoint.

With osctrl you are able to:

  • Monitor all your systems running osquery,
  • Distribute osquery configuration fast across all your enrolled nodes,
  • Collect all the status and result logs, whether you want to store them or forward them to a different system (Splunk, ELK, Kafka, Graylog…),
  • Run quasi-real-time on-demand queries in your selected enrolled nodes,
  • Carve files or directories from your enrolled nodes.

osctrl has been designed to work as a scalable and reliable solution. It has been used successfully in networks from hundreds to hundreds of thousands nodes.

Give it a try!