SQL introduction for osquery

SQL (Standard Query Language) will be in its mid-forties later this month, having been introduced by its creators Donald Chamberlin and Raymond Boyce in the 1970s. Given its age, it isn’t hard to understand how the 2017 Stack Overflow Developers Survey found that SQL is the second-most common programming language, used by 50% of developers and beaten only by JavaScript.

(Image: SQL second most used programming language based on survey results from https://www.stackoverflow.com)

But even if many people “know” SQL and have used it to query a database before, thinking through how it could be used to query an endpoint is a relatively unfamiliar application, made possible only a short four years ago thanks to the open-source project, osquery.

Those who’ve dabbled in osquery already – or are actively considering it – have likely perused the SQL introduction for osquery documents provided on the osquery website. These docs are certainly helpful, but don’t necessarily follow an early learner’s natural progression. What we’ll explore here in both video and written format is a SQL introduction for osquery filtered by what we’ve learned through a variety of deployment experiences. I’ve tried to apply a logical progression for learning simple to complex SQL query structure as it applies to the first few days/hours of tinkering with osquery.

“Think of this as your SQL for osquery 101 – to be used as your ‘what now’ guideline immediately following your osquery installation.”


*** This is a Security Bloggers Network syndicated blog from Uptycs Blog authored by Doug Wilson. Read the original post at: https://www.uptycs.com/blog/sql-introduction-for-osquery