This workshop is an introduction to osquery, an open source SQL-powered operating system for instrumentation and analytics. Osquery was created by the Facebook Security team and is actively being developed by Facebook and the open source community. It is currently used by many companies for collecting host forensics and proactively hunting for abnormalities.