chainguard-dev/osquery-defense-kit external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

chainguard-dev/osquery-defense-kit

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/chainguard-dev/osquery-defense-kit)

Close

chainguard-dev / osquery-defense-kitView on GitHubMore

• External links
• Readme badge

Production-ready detection & response queries for osquery

☆603Apr 8, 2026Updated this week

Alternatives and similar repositories for osquery-defense-kit

Users that are interested in osquery-defense-kit are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• chainguard-sandbox / osqtool

  View on GitHub
  Automated testing, generation & manipulation of #osquery packs
  ☆74Oct 16, 2024Updated last year
• Kirtar22 / ThreatHunting_with_Osquery

  View on GitHub
  Threat Hunting & Incident Investigation with Osquery
  ☆217Mar 30, 2022Updated 4 years ago
• teoseller / osquery-attck

  View on GitHub
  Mapping the MITRE ATT&CK Matrix with Osquery
  ☆809May 11, 2023Updated 2 years ago
• anelshaer / Remote-Linux-Triage-Collection-using-OSquery

  View on GitHub
  Remotely collect linux live forensics artifacts.
  ☆14Jul 8, 2022Updated 3 years ago
• jmpsec / osctrl

  View on GitHub
  Fast and efficient osquery management
  ☆497Apr 3, 2026Updated last week
• Managed Database hosting by DigitalOcean • Ad
  PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
• threathunters-io / laurel

  View on GitHub
  Transform Linux Audit logs for SIEM usage
  ☆824Mar 5, 2026Updated last month
• DataDog / threatest

  View on GitHub
  Threatest is a CLI and Go framework for end-to-end testing threat detection rules.
  ☆341Updated this week
• palantir / osquery-configuration

  View on GitHub
  A repository for using osquery for incident detection and response
  ☆890Sep 8, 2025Updated 7 months ago
• jamf / aftermath

  View on GitHub
  Aftermath is a free macOS IR framework
  ☆578Sep 25, 2025Updated 6 months ago
• matanolabs / matano

  View on GitHub
  Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
  ☆1,668Jan 8, 2025Updated last year
• Cisco-Talos / osquery_queries

  View on GitHub
  Cisco Orbital - Osquery queries by Talos
  ☆136Aug 23, 2024Updated last year
• tstromberg / sunlight

  View on GitHub
  Linux #rootkit and #malware revealer
  ☆31Aug 1, 2024Updated last year
• DataDog / stratus-red-team

  View on GitHub
  Granular, Actionable Adversary Emulation for the Cloud
  ☆2,292Updated this week
• defensivedepth / osquery-filters

  View on GitHub
  ☆34Aug 8, 2023Updated 2 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• cado-security / varc

  View on GitHub
  Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of par…
  ☆254Nov 18, 2024Updated last year
• infosecB / awesome-detection-engineering

  View on GitHub
  Detection Engineering is a tactical function of a cybersecurity defense program that involves the design, implementation, and operation o…
  ☆1,164Apr 1, 2026Updated last week
• elastic / protections-artifacts

  View on GitHub
  Elastic Security detection content for Endpoint
  ☆1,399Updated this week
• tstromberg / ttp-bench

  View on GitHub
  Adversary emulation for EDR/SIEM testing (macOS/Linux)
  ☆54Mar 23, 2026Updated 3 weeks ago
• rabobank-cdc / DeTTECT

  View on GitHub
  Detect Tactics, Techniques & Combat Threats
  ☆2,277Jan 21, 2026Updated 2 months ago
• chainguard-dev / malcontent

  View on GitHub
  #supply #chain #attack #detection
  ☆649Updated this week
• jatrost / awesome-detection-rules

  View on GitHub
  This is a collection of threat detection rules / rules engines that I have come across.
  ☆298May 5, 2024Updated last year
• mandiant / thiri-notebook

  View on GitHub
  The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat huntin…
  ☆154Apr 25, 2022Updated 3 years ago
• elastic / detection-rules

  View on GitHub
  ☆2,546Updated this week
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• ScarredMonk / SysmonSimulator

  View on GitHub
  Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection…
  ☆867Jan 20, 2022Updated 4 years ago
• panther-labs / panther-analysis

  View on GitHub
  Built-in Panther detection rules and policies
  ☆446Updated this week
• mdecrevoisier / EVTX-to-MITRE-Attack

  View on GitHub
  Set of EVTX samples (>270) mapped to MITRE ATT&CK tactic and techniques to measure your SIEM coverage or developed new use cases.
  ☆621Dec 8, 2025Updated 4 months ago
• SophosRapidResponse / OSQuery

  View on GitHub
  ☆88Mar 7, 2025Updated last year
• mandiant / macos-UnifiedLogs

  View on GitHub
  A cross platform parser for Apple UnifiedLogs!
  ☆338Mar 8, 2026Updated last month
• elastic / dorothy

  View on GitHub
  ☆193Apr 3, 2026Updated last week
• BishopFox / cloudfox

  View on GitHub
  Automating situational awareness for cloud penetration tests.
  ☆2,340Updated this week
• zeronetworks / BlueHound

  View on GitHub
  BlueHound - pinpoint the security issues that actually matter
  ☆759Jul 12, 2023Updated 2 years ago
• CD-R0M / YARA

  View on GitHub
  Hundred Days of Yara Challenge
  ☆12Jun 21, 2022Updated 3 years ago
• GPUs on demand by Runpod - Special Offer Available • Ad
  Run AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
• jatrost / awesome-kubernetes-threat-detection

  View on GitHub
  A curated list of resources about detecting threats and defending Kubernetes systems.
  ☆407Sep 2, 2023Updated 2 years ago
• atc-project / atc-react

  View on GitHub
  A knowledge base of actionable Incident Response techniques
  ☆665May 31, 2022Updated 3 years ago
• chronicle / GCTI

  View on GitHub
  ☆552Dec 4, 2023Updated 2 years ago
• FoxIO-LLC / LogSlash

  View on GitHub
  A standard for reducing log volume without sacrificing analytical capability
  ☆216Feb 21, 2025Updated last year
• 3CORESec / SIEGMA

  View on GitHub
  SIEGMA - Transform Sigma rules into SIEM consumables
  ☆159Mar 10, 2025Updated last year
• OTRF / Security-Datasets

  View on GitHub
  Re-play Security Events
  ☆1,732Mar 20, 2024Updated 2 years ago
• google / dfiq

  View on GitHub
  DFIQ is a collection of investigative questions and the approaches for answering them
  ☆305Mar 10, 2026Updated last month