Parallels Between Osquery and GraphQL
Because they both originated at Facebook so why not…
Let’s take a look at some similarities between two innovative projects that came out of Facebook!
GraphQL and Osquery
In this post, I will draw some parallels between GraphQL and Osquery.
The Similarities
GraphQL provides a middle ground for developers: you send it a query, and it uses its own resolver functions to fetch the data and return it to you. This way, you don’t have to write a lot of different API endpoints or worry about managing them. Just spin up a GraphQL endpoint and write the resolver functions (along with the schema and the root operation types, of course!) and enjoy the benefits :)
Osquery is similar: it gives DevOps, compliance and security teams a middle ground for querying the OS in a uniform language with SQL-like syntax (a superset of SQLite to be exact).
Again, with Osquery too, you don’t have to worry about the underlying details, or the different mechanisms and OS APIs to get the data. You just send the data request in the form of a structured query (SQLite) and get what you want!
Sounds similar, right? :)
So they both are high-level interfaces that ease the querying of the data using a unified language that’s quite flexible! The inner details definitely would differ but the concept is what I am talking about.
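To make the Osquery half of the parallel concrete, here is an added example (not code from Osquery or from the original post). It loads constructed sample rows into an in-memory SQLite database under Osquery's `processes` and `listening_ports` table names, then runs the kind of query you would type into `osqueryi`; the helper names and the sample data are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample data standing in for what Osquery collects from OS APIs.
SAMPLE_PROCESSES = [  # (pid, name, path, on_disk)
    (412, "sshd", "/usr/sbin/sshd", 1),
    (977, "nginx", "/usr/sbin/nginx", 1),
    (1533, "updater", "/tmp/.cache/updater", 0),  # binary removed after launch
    (2048, "postgres", "/usr/lib/postgresql/bin/postgres", 1),
]
SAMPLE_LISTENING_PORTS = [  # (pid, port, protocol, address); protocol 6 = TCP
    (412, 22, 6, "0.0.0.0"),
    (977, 443, 6, "0.0.0.0"),
    (1533, 4444, 6, "0.0.0.0"),
    (2048, 5432, 6, "127.0.0.1"),
]

def build_tables(conn):
    """Hypothetical helper: fills the tables, the job Osquery's table
    generators do (and resolver functions do on the GraphQL side)."""
    conn.execute("CREATE TABLE processes "
                 "(pid INTEGER, name TEXT, path TEXT, on_disk INTEGER)")
    conn.execute("CREATE TABLE listening_ports "
                 "(pid INTEGER, port INTEGER, protocol INTEGER, address TEXT)")
    conn.executemany("INSERT INTO processes VALUES (?, ?, ?, ?)", SAMPLE_PROCESSES)
    conn.executemany("INSERT INTO listening_ports VALUES (?, ?, ?, ?)",
                     SAMPLE_LISTENING_PORTS)

# Which processes listen on a non-loopback address, and is the binary on disk?
EXPOSED_LISTENERS = """
SELECT p.pid, p.name, p.path, lp.port, p.on_disk
FROM listening_ports AS lp
JOIN processes AS p ON p.pid = lp.pid
WHERE lp.address NOT IN ('127.0.0.1', '::1')
ORDER BY lp.port;
"""

def exposed_listeners():
    conn = sqlite3.connect(":memory:")
    build_tables(conn)
    rows = conn.execute(EXPOSED_LISTENERS).fetchall()
    conn.close()
    return rows

def missing_binary(rows):
    """Listeners whose executable is no longer on disk deserve a closer look."""
    return [row for row in rows if row[4] == 0]

if __name__ == "__main__":
    for row in exposed_listeners():
        print(row)
```

The query author never touches `/proc`, `netstat` output or any platform API: the same SQL text works wherever the two tables are populated.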
As a developer and an infosec professional, I would definitely prefer things to be easier to use and more flexible. If I have to dig into something to do a small task, then it’s definitely the tool failing to do its job! And I do see that GraphQL and Osquery don’t have this gap (at least for beginner to average users). Power users can definitely improve on the default installation by customizing it and adding extensions for their use cases.
Closing Thoughts
When I realized this pattern, it was quite enlightening for me, so I thought maybe some of you might also benefit from it!
It’s quite fun to understand things deeply enough to link them together and see them through a different lens! And that’s what my goal is — I want to make infosec accessible to more and more people and make it more fun and enjoyable :)
If you are interested in learning any infosec concept, let me know and I will break it down into more digestible and enjoyable lessons. Feel free to connect with me on Twitter and share your thoughts: @_SecurityGOAT
In case you enjoyed it, please share it among your friends in the infosec community :)
Lastly, if you have been enjoying my work and would love to support me, consider checking my Patreon page or you can even Buy Me a Coffee :)
See ya!
Until next time my friend, keep learning and happy hacking.