Why do I like OSQuery?
Mainly because it lets me leverage my knowledge of SQL to dig through various boxes without having to learn hundreds of tools or archaic APIs to get the job done. Nowhere has this been more obvious than in security response, where hunting for Indicators of Compromise is normally a very tough challenge, but with OSQuery it is relatively easy. Especially when you have well-authored query tool kits like these:
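As an added illustration of the point above (example code, not from this post or any of the linked tool kits), here is one osquery query that hunts for two kinds of IoC at once, using osquery's `processes`, `hash` and `process_open_sockets` tables; the hash and address values are placeholders, not real indicators.

```sql
-- Added example: hunting IoCs with plain SQL in osquery.
-- The indicator values below are placeholders; substitute entries
-- from your own threat-intel feed before running this.
WITH ioc_hashes(sha256) AS (
    VALUES ('PLACEHOLDER_SHA256_OF_KNOWN_BAD_BINARY')
),
ioc_ips(remote_address) AS (
    VALUES ('PLACEHOLDER_KNOWN_BAD_REMOTE_IP')
)
-- 1. Running processes whose on-disk binary matches a known-bad SHA-256.
--    osquery's hash table needs a path constraint, so the join is driven
--    from processes rather than scanning hash on its own.
SELECT 'hash' AS indicator_type,
       p.pid, p.name, p.path, p.cmdline,
       h.sha256 AS matched_value
FROM processes p
JOIN hash h ON h.path = p.path
JOIN ioc_hashes i ON i.sha256 = h.sha256
UNION ALL
-- 2. Processes holding an open socket to a known-bad remote address.
SELECT 'network' AS indicator_type,
       p.pid, p.name, p.path, p.cmdline,
       s.remote_address || ':' || s.remote_port AS matched_value
FROM process_open_sockets s
JOIN processes p ON p.pid = s.pid
JOIN ioc_ips i ON i.remote_address = s.remote_address;
```

Run it interactively with `osqueryi` or schedule it in a query pack so each host reports matches as they appear; an empty result set means no listed indicator was found on that host at that moment.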