PolyLogyx OSQuery Agent
One OSQuery-based Agent for All
First and only full-featured Windows extension to OSQuery, with real-time eventing using a kernel-based design. It is also the only Windows OSQuery-based agent with response capabilities to take action during incident response. You can now use the PolyLogyx fleet manager or any other fleet manager to manage Windows, Linux, and Mac OS endpoints consistently.
One Agent for All
If you are using a custom combination of OSQuery, Sysmon, OSSEC and other tools to consolidate the data, a single PolyLogyx agent can address all your needs, including interrogation, real-time telemetry, log extraction into a queryable table, and response actions.
Take response action on Windows endpoints such as stopping a bad process, deleting a malicious file, isolating a compromised endpoint or changing a firewall setting.
To avoid being flooded with activity that may not be relevant, add filter rules that select which real-time activity is captured.
Extend The Extension
Access any application data on an endpoint (such as process info from a SCADA system or the status of a CT scanner), as long as it has an SDK.
Follow PolyLogyx on GitHub for updates, feature requests and other community fun.