Aquilon DLP Basic
Free DLP for Linux
Current Linux endpoint DLP built on osquery. Start with one host, prove the workflow, then expand if it fits.
- Included: 58 scanners plus GDPR and CCPA policy packs.
- Packages:
RPM,DEB, andtar.gzforamd64andarm64. - Works with: existing osquery deployments.
- Upgrade path: Enterprise for commercial use, macOS, or more than 5 servers.
See the current package list and release notes on the releases page.
Basic At A Glance
Who it is for
Home labs, internal evaluations, and non-commercial Linux environments that want to prove coverage fast. Commercial deployments should start on Enterprise.
How access works
Click Get Basic, enter your email, start the free checkout, then request download links from that same email any time.
What to do if you are new to osquery
Start with one host, follow the 5-minute quick start, and use the first aquilon_dlp_alerts query to confirm the workflow before you expand.
What you can test on day one
Scanners
58 built-in detectors
PII, credentials, financial data, healthcare identifiers, code secrets, and other common leak patterns.
Monitoring
Linux files, shares, and USBs
Real-time monitoring for sensitive data on endpoints, shared folders, and removable media.
Policies
GDPR and CCPA included
Start with privacy policy packs in Basic, then move to Enterprise for the full compliance set.
Quick start
A real 5-minute test
Install the package, validate config, start osqueryd, and query aquilon_dlp_alerts.
osquery
What the first query looks like
This is the check from the Linux quick start. Validate the config, start osqueryd, and confirm that aquilon_dlp_alerts is live before you roll farther.
- Query findings with the same SQL workflow your team already knows.
- Use it with Fleet, Kolide, or your own osquery workflow.
- Start with one Linux host if you are evaluating. Start on Enterprise if this is a commercial rollout.
Need the full quick start? Open the docs.
[*]osquery> SELECT path, policy, severity ...> FROM aquilon_dlp_alerts ...> ORDER BY timestamp DESC ...> LIMIT 20;
What the first 5 minutes look like
1
Start Basic
Click Get Basic, enter your email, and start the free Basic checkout for non-commercial Linux use.
Go to Basic2
Install and validate
Install RPM, DEB, or tar.gz, then run aquilon-dlp --validate-config /etc/aquilon/config.toml.
3
Verify the table
Start osqueryd, then query aquilon_dlp_alerts to confirm the extension and findings path are live.
$ aquilon-dlp --validate-config /etc/aquilon/config.toml $ sudo systemctl start osqueryd $ osqueryi --connect /var/osquery/extensions.sock 'SELECT * FROM aquilon_dlp_alerts LIMIT 5;'
Start Enterprise instead when
If you are protecting a business environment, this is usually the right starting point.
Commercial use
Basic is the free non-commercial tier.
More than 5 servers
The free tier stops at five Linux servers.
macOS coverage
Basic is Linux only.
All policy packs
HIPAA, PCI-DSS, SOX, ISO 27001, CUI, CMMC, FedRAMP, and FISMA live in Enterprise.
FAQ
Is Aquilon Basic open source?
No. Aquilon uses osquery, but Aquilon itself is not open source.
Is it actually free?
Yes. Non-commercial Linux use, up to 5 servers.
How do downloads work?
Click Get Basic, enter your email, complete the free Basic checkout, then use that same email to receive download links for the Linux packages.
Do I need osquery already installed?
Aquilon runs as an osquery extension. If you already run osquery, the fit is straightforward. If you do not, start with one Linux host and follow the quick start first.
Still seeing OpenDLP or MyDLP in search?
Read the direct comparison: OpenDLP and MyDLP alternatives for Linux.
Choose your starting point
Basic is for a non-commercial Linux test. Enterprise is for business use, larger rollouts, or macOS coverage.