osquery

osquery is an open-source endpoint instrumentation framework. It exposes an operating system as a high-performance relational database, allowing you to write SQL queries to explore system state and activity in real time. See the schema for the tables it exposes.

Usage

Usage: osqueryi [SQL]

Example Statement: SELECT name, path, pid FROM processes WHERE on_disk = 0;
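
The example statement returns running processes whose executable is no longer present on disk (on_disk = 0). As an added example, not part of the original page, the query below extends it with triage context by joining the users and listening_ports tables from the osquery schema:

```sql
-- Added example: context for processes whose executable is missing from disk.
-- processes, users and listening_ports are osquery schema tables; the
-- aliases and the started_utc column name are chosen for this example.
SELECT
  p.pid,
  p.name,
  p.path,
  p.cmdline,                                   -- full command line as launched
  p.parent,                                    -- parent pid, for process lineage
  u.username,                                  -- account the process runs as
  datetime(p.start_time, 'unixepoch') AS started_utc,
  lp.protocol,                                 -- IP protocol number (6 = TCP, 17 = UDP)
  lp.address,
  lp.port
FROM processes AS p
LEFT JOIN users AS u
  ON u.uid = p.uid
LEFT JOIN listening_ports AS lp                -- NULL columns when nothing is listening
  ON lp.pid = p.pid
WHERE p.on_disk = 0                            -- 1 = on disk, 0 = missing, -1 = unknown
ORDER BY p.start_time DESC;
```

A binary replaced by a package upgrade while the old process is still running also reports on_disk = 0, so review each match against recent software updates on the host.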