Make Your osquery an Endpoint DLP

Add real-time data leak prevention to your existing osquery deployment. One extension, zero new agents.

Linux · GDPR & CCPA

Free for non-commercial use

macOS + Linux · All 6 policies

Commercial use

osqueryi
osquery> SELECT path, policy, severity, pattern
    ...> FROM aquilon_dlp_alerts
    ...> WHERE data_type = 'cc';
path                                        | policy  | severity | pattern
~/Downloads/customer_transactions.xlsx      | PCI-DSS | High     | xxxx-xxxx-xxxx-9335
~/Downloads/customer_transactions_2024.xlsx | PCI-DSS | High     | xxxx-xxxx-xxxx-2295

Protect Against Real Threats

Detect PII Before Exfiltration

Problem

Employees unknowingly download files containing sensitive data

Solution

Real-time scanning catches SSNs, credit cards, and PII before data leaves your network

Catch Credential Leaks

Problem

API keys and secrets accidentally committed to repos or shared

Solution

Stream-based scanning detects secrets in build artifacts and file shares

Monitor Removable Media

Problem

Data exfiltration via USB drives and external storage

Solution

Automatic scanning when a USB drive is mounted detects compliance violations

osquery Native
macOS + Linux
100% Memory Safe (Rust)
Zero Integration

Works with your already-deployed osquery

One config change. That's it. Aquilon runs as an osquery extension—your existing SIEM integrations, Fleet, and Kolide deployments just work.

  • No new agents to deploy or manage
  • Query DLP alerts with SQL you already know
  • Works with Fleet, Kolide, and custom setups

scheduled query · HIPAA audit
osquery> SELECT COUNT(*) AS findings,
    ...>        scanner,
    ...>        DATE(timestamp, 'unixepoch') AS date
    ...> FROM aquilon_dlp_alerts
    ...> WHERE policy = 'HIPAA'
    ...> GROUP BY scanner, date
    ...> ORDER BY date DESC;
findings | scanner      | date
294      | HIPAA_policy | 2025-12-17
6084     | HIPAA_policy | 2025-12-16

Built for Compliance

  • HIPAA (Enterprise)
  • PCI-DSS (Enterprise)
  • GDPR
  • SOX (Enterprise)
  • CCPA
  • ISO 27001 (Enterprise)

From Detection to Audit Evidence

Aquilon finds sensitive data. Your SIEM proves you were looking.

Framework-Tagged Findings

Every scanner is tagged by compliance framework. Filter on policy = 'HIPAA' in a query to return only the findings relevant to your specific audit.

Continuous Monitoring

Scheduled osquery queries run at your intervals—hourly, daily, or custom. Every scan includes timestamps, building your audit trail automatically.

Your SIEM, Your Evidence

Results flow to your SIEM via standard osquery logging. Splunk, Elastic, or your log aggregator becomes your source of truth for auditors.

Pricing

Choose the edition that fits your security needs.

Basic

Linux servers, up to 5 endpoints

  • All 50+ scanners
  • osquery integration
  • Community support

Enterprise

macOS + Linux, unlimited endpoints

  • Everything in Basic
  • SIEM export
  • Priority support


50+ Scanners

Credit cards, SSNs, API keys, secrets. Out of the box.

6 Compliance Frameworks

GDPR, HIPAA, PCI DSS, SOX, CCPA, ISO 27001.

osquery Native

No new agents. Query alerts with SQL.

Stop data leaks before they happen

Get started in 5 minutes. No complex setup required.
