https://github.com/igor-suhorukov/postgres_osquery
Running "osquery" queries from PostgreSQL
monitoring osquery performance-metrics postgresql siem
- Host: GitHub
- URL: https://github.com/igor-suhorukov/postgres_osquery
- Owner: igor-suhorukov
- Created: 2023-09-05T17:31:01.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2023-09-05T18:08:44.000Z (over 2 years ago)
- Last Synced: 2025-07-01T07:04:59.936Z (6 months ago)
- Topics: monitoring, osquery, performance-metrics, postgresql, siem
- Language: PLpgSQL
- Homepage: https://medium.com/@igor.suhorukov/postgresql-and-osquery-integration-access-os-hardware-metrics-and-store-it-your-database-921ae4a6df27
- Size: 9.77 KB
- Stars: 4
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# postgres_osquery
Running "osquery" queries from PostgreSQL
This repository shows the simplest way to integrate osquery into PostgreSQL, just enough to demonstrate the idea. A full implementation should interact with the running osquery process using [unix sockets and Thrift serialization](https://github.com/osquery/osquery-python) and is not included in this repository.
I use the following Dockerfile to test queries in a container:
``` Dockerfile
FROM postgis/postgis:15-3.3
RUN sh -c "echo 'deb [arch=amd64] https://pkg.osquery.io/deb deb main' > /etc/apt/sources.list.d/osquery.list"
RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 1484120AC4E9F8A1A577AEEE97A80C63C9D8B80B
RUN apt update && apt install -y osquery
```
Initialize the PostgreSQL functions for osquery:
```psql
CREATE EXTENSION plpython3u;
\i functions.sql
--import types
\i osquery_types.sql
```
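A sketch of the kind of helper a `plpython3u` function body could call for the simple, process-per-query integration described above. This is an added example, not code from this repository: `run_osquery`, `parse_osquery_json`, `to_records` and the `runner` hook are hypothetical names, and it assumes `osqueryi` is on the `PATH` of the PostgreSQL server process.

```python
import json
import subprocess
import types


def parse_osquery_json(raw):
    """Parse `osqueryi --json` output: a JSON array of objects, one per row."""
    rows = json.loads(raw)
    if not isinstance(rows, list) or not all(isinstance(r, dict) for r in rows):
        raise ValueError("unexpected osquery output shape")
    return rows


def run_osquery(sql, binary="osqueryi", timeout=10, runner=subprocess.run):
    """Run one osquery statement and return its rows as a list of dicts.

    The statement is a single argv element, so no shell ever parses it.
    `runner` is a hypothetical hook that lets the call be exercised
    without osquery installed.
    """
    proc = runner([binary, "--json", sql], capture_output=True,
                  text=True, timeout=timeout, check=False)
    if proc.returncode != 0:
        raise RuntimeError("osqueryi failed: " + proc.stderr.strip())
    return parse_osquery_json(proc.stdout)


def to_records(rows, columns):
    """Project rows onto a fixed column order (for example the attributes of
    a composite type); columns missing from a row become None (SQL NULL)."""
    return [tuple(row.get(col) for col in columns) for row in rows]


if __name__ == "__main__":
    # Constructed sample output; osquery emits every value as a string.
    sample = '[{"pid": "1", "name": "postgres"}]'
    fake = lambda argv, **kw: types.SimpleNamespace(
        returncode=0, stdout=sample, stderr="")
    rows = run_osquery("select pid, name from processes;", runner=fake)
    print(to_records(rows, ["name", "pid"]))
```

Because `plpython3u` is an untrusted language, a function wrapping this helper runs `osqueryi` with the operating-system privileges of the PostgreSQL server, so `EXECUTE` on it should be granted only to roles that are meant to read host state.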