osquery is an “endpoint visibility” tool that allows you to run SQL queries to get any information you want about the state of the system, like processes, installed packages and versions, OS version, network connectivity, disk usage, etc. The list of tables you can query is quite extensive and includes platform-specific data. osquery itself is local-only, but there are a few different projects that can aggregate osquery results across a fleet of devices, like osctrl.net / fleetdm.com.
I’ve never used anything like this but it looks intriguing. What do you guys think?