OSQuery VS SaltStack

Perhaps the OP means OsQuery: https://github.com/osquery/osquery

OsQuery is an SQLite extension consisting of hundreds of virtual tables

There's at least one open data quality issue for `process_open_sockets` on macOS[1]. It's a few years old however and, if you aren't seeing that casting error, you probably aren't hitting it. But that's a good example of the kind of debt that's been built up over time.

(In terms of general purpose/flexible tooling, I'm not aware of a close replacement for osquery.)

[1]: https://github.com/osquery/osquery/issues/6319

The largest we have successfully deployed is on the OSQuery schema https://osquery.io/ which is 277 tables and lots of business context (malwares, vulnerabilities, Windows registry keys, etc).

From a self hosted standpoint OSQuery or Wazuh are your best bets for monitoring USB devices. Windows makes blocking really challenging and I’m not aware of any “free” solutions that attempt it.

Configure auditd to monitor host activity: https://izyknows.medium.com/linux-auditd-for-threat-detection-d06c8b941505 or osquery: https://osquery.io/ (or similar software: filebeat for example).

OS Query : Easily ask questions about your Linux, Windows, and macOS infrastructure

Osquery + Fleet. https://osquery.io/ https://fleetdm.com/, using the two allows you to build a query to answer what ever questions you (or an auditor) might have about your environment.

In the new style, when the tag is longer than 20 characters, an end of tag string is appended to the tag given by the string constant TAGEND, that is, two line feeds '\n\n'. When the tag is less than 20 characters then the tag is padded with pipes "|" out to 20 characters as before. When the tag is exactly 20 characters no padded is done. source: https://github.com/saltstack/salt/blob/master/salt/utils/event.py

https://github.com/saltstack/salt https://github.com/chocolatey/choco https://github.com/nextcloud https://github.com/authelia/authelia https://github.com/grafana/grafana

SaltStack

One thing that really irks me about Salt, though, is that they are very slow to fix bugs. My Salt states are littered with workarounds for bugs that have been open for multiple years. Even in basic things, like ssh authorized_keys management. Other than bug velocity, though, I've been pretty pleased with Salt.

Here are several related GitHub issues: - https://github.com/saltstack/salt/issues/54791 - https://github.com/saltstack/salt/issues/57541 - https://github.com/saltstack/salt/issues/16089

For clarity, here's the issue: https://github.com/saltstack/salt/issues/64111

Nightly builds on supported branches & master running the full test suite, producing fully tested builds. https://github.com/saltstack/salt/actions/workflows/nightly.yml

It's definitely some sort of AI script. Not this exactly, but something working off Python or scripts of thar nature. https://github.com/saltstack/salt