Introducing usql: An Interactive Command Line Tool for osquery and Uptycs

If you like the command line and want a way to access osquery data stored in your various Uptycs databases (global | realtime | timemachine), you’ll want to install and use usql. usql is written in Python and uses the dbcli framework. It functions like osqueryi, giving you the ability to run one or more queries against all enrolled assets in Uptycs.

Motivation

The main intention behind creating this tool was to enable system automation with command line scripting for Uptycs users. It exposes the Uptycs SQL interface through the command line and provides functionality to do the following:

  • Provide query output for day-to-day security/osquery analysis
  • Run a query or multiple queries against all the enrolled assets in Uptycs
  • Give access to all the data stored in the Uptycs global store
  • Leverage the Uptycs Time Machine capability to explore specific time intervals
  • Use shell scripts or Python scripts to define workflows and analyze data
  • Enable some system automation

Installing usql

Installing usql on your laptop is very easy. If you have Python and pip installed on your machine, run the following command:

    pip install -U usql

The -U (upgrade) option fetches the latest version of usql from PyPI.

Using usql

usql uses the Uptycs APIs to send SQL queries and retrieve data from Uptycs. With usql, the user experience is similar to an RDBMS command line interaction. There are some meta-commands similar to SQLite's, and there are some (Read more...)

*** This is a Security Bloggers Network syndicated blog from Uptycs Blog authored by Vibhor Kumar. Read the original post at: https://www.uptycs.com/blog/introducing-usql-an-interactive-command-line-tool-for-osquery-and-uptycs