chainguard-dev/osquery-defense-kit external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

chainguard-dev/osquery-defense-kit

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/chainguard-dev/osquery-defense-kit)

Close

chainguard-dev / osquery-defense-kitView on GitHubMore

• External links
• Readme badge

Production-ready detection & response queries for osquery

☆607Apr 22, 2026Updated last month

Alternatives and similar repositories for osquery-defense-kit

Users that are interested in osquery-defense-kit are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• chainguard-sandbox / osqtool

  View on GitHub
  Automated testing, generation & manipulation of #osquery packs
  ☆75May 29, 2026Updated 2 weeks ago
• Kirtar22 / ThreatHunting_with_Osquery

  View on GitHub
  Threat Hunting & Incident Investigation with Osquery
  ☆219Mar 30, 2022Updated 4 years ago
• teoseller / osquery-attck

  View on GitHub
  Mapping the MITRE ATT&CK Matrix with Osquery
  ☆810May 11, 2023Updated 3 years ago
• anelshaer / Remote-Linux-Triage-Collection-using-OSquery

  View on GitHub
  Remotely collect linux live forensics artifacts.
  ☆14Jul 8, 2022Updated 3 years ago
• jmpsec / osctrl

  View on GitHub
  Fast and efficient osquery management
  ☆503May 28, 2026Updated 2 weeks ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• threathunters-io / laurel

  View on GitHub
  Transform Linux Audit logs for SIEM usage
  ☆833Jun 6, 2026Updated last week
• DataDog / threatest

  View on GitHub
  Threatest is a CLI and Go framework for end-to-end testing threat detection rules.
  ☆342May 24, 2026Updated 2 weeks ago
• palantir / osquery-configuration

  View on GitHub
  A repository for using osquery for incident detection and response
  ☆895Sep 8, 2025Updated 9 months ago
• jamf / aftermath

  View on GitHub
  Aftermath is a free macOS IR framework
  ☆583Sep 25, 2025Updated 8 months ago
• matanolabs / matano

  View on GitHub
  Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
  ☆1,675Jan 8, 2025Updated last year
• Cisco-Talos / osquery_queries

  View on GitHub
  Cisco Orbital - Osquery queries by Talos
  ☆136Aug 23, 2024Updated last year
• tstromberg / sunlight

  View on GitHub
  Linux #rootkit and #malware revealer
  ☆31Aug 1, 2024Updated last year
• defensivedepth / osquery-filters

  View on GitHub
  ☆34Aug 8, 2023Updated 2 years ago
• DataDog / stratus-red-team

  View on GitHub
  Granular, Actionable Adversary Emulation for the Cloud
  ☆2,336Jun 4, 2026Updated last week
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• cado-security / varc

  View on GitHub
  Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of par…
  ☆253Nov 18, 2024Updated last year
• infosecB / awesome-detection-engineering

  View on GitHub
  Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation o…
  ☆1,208Jun 3, 2026Updated last week
• tstromberg / ttp-bench

  View on GitHub
  Adversary emulation for EDR/SIEM testing (macOS/Linux)
  ☆54Updated this week
• elastic / protections-artifacts

  View on GitHub
  Elastic Security detection content for Endpoint
  ☆1,434Jun 5, 2026Updated last week
• rabobank-cdc / DeTTECT

  View on GitHub
  Detect Tactics, Techniques & Combat Threats
  ☆2,296Jun 2, 2026Updated last week
• chainguard-dev / malcontent

  View on GitHub
  #supply #chain #attack #detection
  ☆666Updated this week
• jatrost / awesome-detection-rules

  View on GitHub
  This is a collection of threat detection rules / rules engines that I have come across.
  ☆300May 5, 2024Updated 2 years ago
• mandiant / thiri-notebook

  View on GitHub
  The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat huntin…
  ☆154Apr 25, 2022Updated 4 years ago
• elastic / detection-rules

  View on GitHub
  ☆2,613Updated this week
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• ScarredMonk / SysmonSimulator

  View on GitHub
  Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection…
  ☆867Jan 20, 2022Updated 4 years ago
• panther-labs / panther-analysis

  View on GitHub
  Built-in Panther detection rules and policies
  ☆452Jun 4, 2026Updated last week
• mdecrevoisier / EVTX-to-MITRE-Attack

  View on GitHub
  Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.
  ☆628May 21, 2026Updated 3 weeks ago
• SophosRapidResponse / OSQuery

  View on GitHub
  ☆87Mar 7, 2025Updated last year
• elastic / dorothy

  View on GitHub
  ☆194May 26, 2026Updated 2 weeks ago
• mandiant / macos-UnifiedLogs

  View on GitHub
  A cross platform parser for Apple UnifiedLogs!
  ☆359Updated this week
• BishopFox / cloudfox

  View on GitHub
  Automating situational awareness for cloud penetration tests.
  ☆2,421May 26, 2026Updated 2 weeks ago
• zeronetworks / BlueHound

  View on GitHub
  BlueHound - pinpoint the security issues that actually matter
  ☆765Jul 12, 2023Updated 2 years ago
• CD-R0M / YARA

  View on GitHub
  Hundred Days of Yara Challenge
  ☆12Jun 21, 2022Updated 3 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• jatrost / awesome-kubernetes-threat-detection

  View on GitHub
  A curated list of resources about detecting threats and defending Kubernetes systems.
  ☆406Sep 2, 2023Updated 2 years ago
• atc-project / atc-react

  View on GitHub
  A knowledge base of actionable Incident Response techniques
  ☆666May 31, 2022Updated 4 years ago
• chronicle / GCTI

  View on GitHub
  ☆553Dec 4, 2023Updated 2 years ago
• FoxIO-LLC / LogSlash

  View on GitHub
  A standard for reducing log volume without sacrificing analytical capability
  ☆216Feb 21, 2025Updated last year
• OTRF / Security-Datasets

  View on GitHub
  Re-play Security Events
  ☆1,769Mar 20, 2024Updated 2 years ago
• 3CORESec / SIEGMA

  View on GitHub
  SIEGMA - Transform Sigma rules into SIEM consumables
  ☆160Mar 10, 2025Updated last year
• google / dfiq

  View on GitHub
  DFIQ is a collection of investigative questions and the approaches for answering them
  ☆309Mar 10, 2026Updated 3 months ago