Osquery Query Helper

What This Skill Does

Help users with all aspects of osquery query work:

• Write queries from scratch based on investigation goals
• Validate queries the user has written against the schema
• Troubleshoot queries that aren't working as expected
• Suggest improvements for performance and accuracy

All work is grounded in the tables and columns defined in the provided schema files for the specified EDR platform.

When to Use

• User needs a query written for incident response or threat hunting
• User wants to validate an existing query against the correct schema
• User has a query that's failing and needs help troubleshooting
• User wants suggestions to improve query performance