Our security team uses this, we’re about 1500 employees. However, I believe they opted to use a fork over this linked version, citing (IIRC) that Facebook’s roadmap for this project was a little bit too unpredictable, and that they weren’t responsive to PRs and community requests. I think we went with https://github.com/osql/osql.
It’s installed on every laptop (Chromebooks and MacBooks), and I believe on every EC2 instance, and they have nothing but good things to say about it. We did have to come up with an aggregator solution for storing the results of the queries, but I’m under the impression that it wasn’t too big of a lift.
Facebook has since transferred the project to the Linux Foundation, and the group behind osql is largely the same group of maintainers on the current osquery.