The basic concept behind osquery is the "tabular abstraction" of many aspects of the operating system, such as processes, users, etc. The data is stored in tables which can be queried using SQL syntax, either directly via the osqueryi shell or via the osqueryd daemon.
This is a companion discussion topic for the original entry at https://linuxconfig.org/how-to-monitor-file-integrity-on-linux-using-osquery
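To make the tabular abstraction described above concrete, here is an added example (not taken from the original article) of a query that can be typed at the osqueryi prompt. It joins osquery's processes and users tables to list running processes whose executable is no longer present on disk, a common triage check.

```sql
-- Added example, not from the original article.
-- Uses the standard osquery tables "processes" and "users".
-- processes.on_disk is 1 when the binary path still exists,
-- 0 when it has been removed, and -1 when osquery cannot tell.
SELECT
    p.pid,
    p.name,
    p.path,
    p.cmdline,
    u.username
FROM processes AS p
-- LEFT JOIN keeps processes whose uid has no matching entry in users
LEFT JOIN users AS u ON u.uid = p.uid
WHERE p.on_disk = 0
ORDER BY p.pid;
```

An empty result means every running process still maps to a file on disk; any rows returned are candidates for closer inspection rather than proof of compromise, since package upgrades also replace binaries under running processes.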