In an audit commissioned by Facebook, NCC Group consultants Raphael Salas, Andrew Rahimi and Robert Seacord reviewed the osquery framework for operating system instrumentation.
osquery represents operating system details and events as SQL tables that support complex queries in real time. The audit covered the osquery core and plugin interfaces, focusing on table data collection, functionality exposed through the OS X kernel module, and the remote configuration and logger plugins.