Make Your osquery an Endpoint DLP

Add real-time data leak prevention to your existing osquery deployment. One extension, zero new agents.

Linux · GDPR & CCPA

Free for personal use up to 5 servers

macOS + Linux · All 10 policies

Commercial use

osqueryi 
[*]osquery> SELECT path, policy, severity, pattern
   ...>          FROM aquilon_dlp_alerts
   ...>          WHERE data_type = 'cc';
path policy severity pattern
~/Downloads/customer_transactions.xlsx PCI-DSS High xxxx-xxxx-xxxx-9335
~/Downloads/customer_transactions_2024.xlsx PCI-DSS High xxxx-xxxx-xxxx-2295

Protect Against Real Threats

Detect PII Before Exfiltration

Problem

Employees unknowingly download files containing sensitive data

Solution

Real-time scanning catches SSNs, credit cards, and PII before data leaves your network

Catch Credential Leaks

Problem

API keys and secrets accidentally committed to repos or shared

Solution

Stream-based scanning detects secrets in build artifacts and file shares

Monitor Removable Media

Problem

Data exfiltration via USB drives and external storage

Solution

Automatic scanning when USB mounted detects compliance violations

osquery Native
macOS + Linux
100% Memory Safe (Rust)
Zero Integration

Works with your already-deployed osquery

One config change. That's it. Aquilon runs as an osquery extension—your existing SIEM integrations, Fleet, and Kolide deployments just work.

  • No new agents to deploy or manage
  • Query DLP alerts with SQL you already know
  • Works with Fleet, Kolide, and custom setups
scheduled query · HIPAA audit 
[*]osquery> SELECT COUNT(*) AS findings,
[*]   ...>        scanner,
[*]   ...>        DATE(timestamp, 'unixepoch') AS date
[*]   ...> FROM aquilon_dlp_alerts
[*]   ...> WHERE policy = 'HIPAA'
[*]   ...> GROUP BY scanner, date
[*]   ...> ORDER BY date DESC;
findings scanner date
294 HIPAA_policy 2025-12-17
6084 HIPAA_policy 2025-12-16

Dynamic Runtime Configuration

Modify Aquilon settings via SQL without restarting the agent. Update exclusion paths, resource limits, and enabled policies through the new aquilon_config table.

Performance & Intelligence

Hardware-Accelerated Scanning with Context Awareness

Intel Vectorscan integration and context-aware detection deliver enterprise-grade performance with dramatically reduced false positives.

Vectorscan High-Performance Engine

Hardware-accelerated multi-pattern matching powered by Intel Vectorscan. All 25+ regex-based scanners run in parallel in a single pass over file content.

  • Significant throughput improvements for bulk scanning
  • Reduced CPU utilization during scanning operations
  • Memory-efficient streaming maintains O(1) guarantee

Context-Aware False Positive Reduction

Intelligent scanning distinguishes between actual PII and meta-discussion about data formats, dramatically reducing noise.

  • Filters educational, test, and example data automatically
  • Correlates personal data context for higher confidence
  • Policy-level context requirements per compliance framework

Built for Compliance

HIPAA Enterprise PCI-DSS Enterprise GDPR SOX Enterprise CCPA ISO 27001 Enterprise CUI Enterprise CMMC Enterprise FedRAMP Enterprise FISMA Enterprise

View all compliance policies →

From Detection to Audit Evidence

Aquilon finds sensitive data. Your SIEM proves you were looking.

Framework-Tagged Findings

Every scanner is tagged by compliance framework. Query policy = 'HIPAA' to filter findings for your specific audit.

Continuous Monitoring

Scheduled osquery queries run at your intervals—hourly, daily, or custom. Every scan includes timestamps, building your audit trail automatically.

Your SIEM, Your Evidence

Results flow to your SIEM via standard osquery logging. Splunk, Elastic, or your log aggregator becomes your source of truth for auditors.

Pricing

Choose the edition that fits your security needs.

Basic

Free

Up to 5 Linux servers

  • All 50+ scanners
  • osquery integration
  • Community support

Enterprise

$8 /server/mo

$80/year when paid annually

  • Everything in Basic
  • macOS + Linux, unlimited
  • Priority support

See full feature comparison →

50+ Scanners

Credit cards, SSNs, API keys, secrets. Out of the box.

10 Compliance Frameworks

GDPR, HIPAA, PCI DSS, SOX, CCPA, ISO 27001, CUI, CMMC, FedRAMP, FISMA.

osquery Native

No new agents. Query alerts with SQL.

Stop data leaks before they happen

Get started in 5 minutes. No complex setup required.

Get Started