Getting Started with Hyprwatch

Hyprwatch is an API control plane for osquery. Build security tools, run distributed queries, and manage osquery fleets through a simple API.

Interactive API Docs: Check out our Swagger UI to explore and test the API directly in your browser.

Quick Start

1

Get your API key

Sign up and create an API key from the dashboard under Settings > API Keys. You'll also get your organization's enrollment token for agents.

2

Install the Shadow agent

Run the install script on any Linux or macOS machine: 

curl -sSL https://hyprwatch.cloud/install/YOUR_ORG_TOKEN | sudo sh
3

Query via API

Execute queries across your fleet: 

curl -X POST https://hyprwatch.cloud/api/v1/query \
-H "Authorization: Bearer hw_live_xxx" \
-H "Content-Type: application/json" \
-d '{"sql": "SELECT * FROM system_info"}'

Key Concepts

Hosts

Machines running the Shadow agent with osquery. Query them individually, by group, or all at once.

Shadow Agent

The lightweight agent that runs on your hosts. It manages osquery and communicates with the Hyprwatch API.

osquery Tables

osquery exposes system data as SQL tables. Use the Schema Discovery API to explore 250+ available tables.