Osquery
This is absolutely, hands down, my favorite "blue team" security tool. It is extremely versatile and powerful, and it allows you to quickly gather a wealth of information from a single endpoint or every endpoint in your fleet.

Queries
LibreOffice (CVE-2018-16858) - Remote Code Execution via Macro/Event execution
Additional information about the vulnerability can be found in this The Hacker News article.
macOS
SELECT * FROM apps WHERE bundle_name like 'LibreOffice%' and (bundle_short_version = '6.0.7003');
Windows
SELECT * FROM programs WHERE name like 'LibreOffice%' and (version = '6.0.7.3');
Linux
SELECT * FROM deb_packages where name like 'libreoffice-core%' and (version like '1:6.0.7%');
Extensions
Detect Responder (LLMNR, NBT-NS, MDNS poisoner) with osquery
Blogs and Such
Osquery Windows Process Event Auditing by Dennis Griffin