7:["$","div",null,{"className":"pt-6 pb-10","children":[[["$","h1",null,{"className":"text-2xl md:text-4xl sm:max-w-lg md:max-w-2xl sm:mx-auto lg:max-w-none lg:text-[52px] text-center font-black lg:leading-[1.2] px-6 sm:px-0","children":"Why do I like OSQuery?"}],["$","div",null,{"className":"mt-8 flex flex-col items-center gap-6 md:hidden","children":[["$","$L20",null,{"href":"/users/gatewaynode","children":["$","div",null,{"className":"flex items-center gap-3.5","children":[["$","img",null,{"src":"https://cdn.hashnode.com/res/hashnode/image/upload/v1644251155945/rz4Ibux5f.png","alt":"gatewaynode","className":"h-12 w-12 bg-slate-200 rounded-full"}],["$","span",null,{"className":"font-medium text-foreground-600 dark:text-foreground-200","children":"gatewaynode"}]]}]}],["$","div",null,{"className":"flex items-center justify-center text-lg gap-4 text-foreground-500","children":[[["$","div",".1",{"className":"flex items-center gap-2","children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","fill":"none","viewBox":"0 0 24 24","strokeWidth":1.5,"stroke":"currentColor","className":"w-5 h-5","children":["$","path",null,{"strokeLinecap":"round","strokeLinejoin":"round","d":"M12 6.042A8.967 8.967 0 0 0 6 3.75c-1.052 0-2.062.18-3 .512v14.25A8.987 8.987 0 0 1 6 18c2.305 0 4.408.867 6 2.292m0-14.25a8.966 8.966 0 0 1 6-2.292c1.052 0 2.062.18 3 .512v14.25A8.987 8.987 0 0 0 18 18a8.967 8.967 0 0 0-6 2.292m0-14.25v14.25"}]}],["$","span",null,{"children":[1," min read"]}]]}],false]]}]]}],["$","div",null,{"className":"mt-10 hidden md:flex items-center justify-center text-lg gap-4 text-foreground-500 dark:text-foreground-400","children":[[["$","$L20",".0",{"href":"/users/gatewaynode","children":["$","div",null,{"className":"flex items-center gap-3.5","children":[["$","img",null,{"src":"https://cdn.hashnode.com/res/hashnode/image/upload/v1644251155945/rz4Ibux5f.png","alt":"gatewaynode","className":"h-12 w-12 bg-slate-200 rounded-full"}],["$","span",null,{"className":"font-medium text-foreground-600 dark:text-foreground-200","children":"gatewaynode"}]]}]}],["$","span",null,{"className":"text-foreground-400","children":"·"}]],[["$","div",".2",{"className":"flex items-center gap-2","children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","fill":"none","viewBox":"0 0 24 24","strokeWidth":1.5,"stroke":"currentColor","className":"w-5 h-5","children":["$","path",null,{"strokeLinecap":"round","strokeLinejoin":"round","d":"M12 6.042A8.967 8.967 0 0 0 6 3.75c-1.052 0-2.062.18-3 .512v14.25A8.987 8.987 0 0 1 6 18c2.305 0 4.408.867 6 2.292m0-14.25a8.966 8.966 0 0 1 6-2.292c1.052 0 2.062.18 3 .512v14.25A8.987 8.987 0 0 0 18 18a8.967 8.967 0 0 0-6 2.292m0-14.25v14.25"}]}],["$","span",null,{"children":[1," min read"]}]]}],false]]}],["$","div",null,{"className":"mt-8 flex items-center justify-center gap-3 md:gap-6","children":[false,["$","$L21",null,{"likedBy":{"edges":[],"totalDocuments":0}}]]}]],false,false,["$","$L22",null,{"html":"

Mainly because it let's me leverage my knowledge of SQL to dig through various boxes without having to learn hundreds of tools or archaic API's to get the job done. Nowhere has this been more obvious than in security response, where hunting for Indicators Of Compromise is normally a very tough challenge, but with OSQuery is relatively easy. Especially when you have well authored query tool kits like these:

\n"}],["$","$L23",null,{"post":{"title":"Why do I like OSQuery?","slug":"why-do-i-like-osquery","publication":{"id":"62014837295d276006777082","url":"https://gatewaynode.com"},"bookmarked":false,"author":{"id":"620148133a8a6e5fe1199efe","name":"gatewaynode","bio":{"text":""},"username":"gatewaynode","profilePicture":"https://cdn.hashnode.com/res/hashnode/image/upload/v1644251155945/rz4Ibux5f.png","following":false},"coverImage":null,"reactionCount":0,"responseCount":0,"tags":[{"name":"blueteam","slug":"blueteam"},{"name":"osquery","slug":"osquery"},{"name":"infosec","slug":"infosec-cjbi6apo9015yaywu2micx2eo"},{"name":"SQL","slug":"sql"}],"content":{"html":"

OSQuery Defense Kit

\n"},"features":{"tableOfContents":{"isEnabled":false,"items":[]}},"featured":false,"featuredAt":null,"readTimeInMinutes":1,"replyCount":0,"likedByMe":{"edges":[]},"likedBy":"$24","seo":{"title":null,"description":null}}}],["$","div",null,{"className":"mt-20 text-center max-w-lg mx-auto px-6 sm:px-0","children":["$","$L26",null,{"authorName":"gatewaynode","publicationId":"62014837295d276006777082"}]}],["$","div",null,{"className":"mt-20 flex items-center justify-center flex-wrap gap-4","children":[["$","$L27","blueteam",{"as":"$20","href":"/tags/blueteam","children":"blueteam"}],["$","$L27","osquery",{"as":"$20","href":"/tags/osquery","children":"osquery"}],["$","$L27","infosec-cjbi6apo9015yaywu2micx2eo",{"as":"$20","href":"/tags/infosec-cjbi6apo9015yaywu2micx2eo","children":"infosec"}],["$","$L27","sql",{"as":"$20","href":"/tags/sql","children":"SQL"}]]}],["$","div",null,{"className":"mt-16 px-6 xl:px-0","children":[["$","p",null,{"className":"border-b text-foreground-500 leading-8 tracking-wide","children":"Written by"}],["$","div",null,{"className":"mt-6 flex flex-col md:flex-row items-start gap-4","children":[["$","div",null,{"className":"flex items-center gap-3","children":[["$","img",null,{"src":"https://cdn.hashnode.com/res/hashnode/image/upload/v1644251155945/rz4Ibux5f.png","alt":"gatewaynode","className":"shrink-0 h-12 w-12 rounded-full bg-slate-100"}],["$","h5",null,{"className":"text-base font-semibold md:hidden","children":"gatewaynode"}]]}],["$","div",null,{"className":"max-w-2xl","children":[["$","h5",null,{"className":"text-base font-semibold hidden md:block","children":"gatewaynode"}],["$","p",null,{"className":"mt-1.5 text-foreground-600 dark:text-foreground-400 leading-7","children":""}]]}],["$","$L28",null,{"username":"gatewaynode","following":false,"className":"mt-1 md:mt-0 md:ml-auto"}]]}]]}]]}]

Why do I like OSQuery?

Subscribe to my newsletter

gatewaynode

gatewaynode