by rst13 448 days ago
Thanks for the detailed reply! I see custom policy/assertions on kernel behavior as powerful. As a current osquery user managing a fleet of 10k+ hosts (mostly Linux boxes), I find the query model resonates in terms of UX. We have a set of SQL pipelines that run on top of it at my org. osq works well for monitoring but not detections. So this direction is interesting, I'll forward to my detection eng folks.
1 comments

I'm looking forward to talking to them. Let them know we have a free-of-charge partnering program right now (where they can be design partners for the tool, get integrations and features that attend to their needs and support). This is meant for medium/big sized companies with specific needs so we can better shape the tool. Ping me if you have any doubts. Cheers!