Polylogyx osquery agent
PolyLogyx OSQuery Agent

One OSQuery-based Agent for All

First and only full-featured Windows extension to OSQuery, with real-time eventing using kernel-based design. It is also the only Windows OSQuery-based agent with response capabilities to take action during incident response. You can now use the PolyLogyx fleet manager or any other fleet manager to manage consistently across Windows, Linux, and Mac OS endpoints.

View on GitHub
  • Supported Platforms:
  • Windows


One Agent for All

If you are using a custom combination of OSQuery, Sysmon, OSSEC and other tools to consolidate the data, a single PolyLogyx agent can address all your needs including interrogation, real-time telemetry, log extraction into a queryable table, and to take response action.

Response Action

Take response action on Windows endpoints such as stopping a bad process, deleting a malicious file, isolating a compromised endpoint or changing a firewall setting.

Filter Events

To avoid flooding of activity that may not be relevant, add filter rules to select real-time activity that is captured.

Extend The Extension

Access any application data on an endpoint (such as process info from a SCADA system or the status of an CT-Scanner, as long as it has an SDK).

Follow PolyLogyx on Github for updates, feature requests and other community fun.

PolyLogyx on GitHub