Osquery Deep Dive: Doing Low Level Analytics and Monitoring for Windows/Linux/macOS
Webinar Registration

How would you like to query your systems like a DB – with SQL – to do things like find all processes running without an EXE on the file system? (You do know why that's important, right? File-less malware?) Here's an Osquery that does just that:

SELECT name, path, pid FROM processes WHERE on_disk = 0

(In the processes table, on_disk is 1 when the executable's path exists, 0 when it does not, and -1 when Osquery could not tell, so this query deliberately skips the unknown cases. Expect a few benign hits from programs whose binary was deleted after they launched.)

Osquery is an open-source operating system instrumentation framework licensed under Apache, and it runs on Windows, Linux and macOS. You can query nearly anything about those OSs, including:

Authenticode code signatures of binaries.

There are tons more – I just picked some highlights. All of this information is surfaced as "tables" that you can query with good ole SQL. You can easily and quickly ask questions about your systems.

But Osquery goes further and allows you to detect change. This ability is incredibly valuable for administration and, more importantly, for security. Basically, you define queries that Osquery runs periodically and compares to the previous run to give you the delta (aka change). So, as just one example, you could set up a query to let you know whenever a new EXE or DLL shows up on your system based on its hash. Osquery can send its output to multiple places – including the Windows Event Log, which means you can collect and aggregate the data.

In this real training for free session, we will:

Discuss how to install and manage Osquery across your environment.
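To make the change-detection idea above concrete, here is an osquery.conf schedule fragment that turns the file-less process query and the "new EXE or DLL by hash" idea into periodic, differential queries. This is an added example, not code from the webinar or from the osquery project; the query names, intervals and the Downloads path pattern are my own assumptions, and the description fields are informational only.

```json
{
  "schedule": {
    "fileless_processes": {
      "description": "Added example: processes whose executable is no longer on disk. Differential mode (the default) logs only rows that changed since the last run; removed:false suppresses the 'removed' rows so you only get alerts for new hits.",
      "query": "SELECT name, path, pid FROM processes WHERE on_disk = 0;",
      "interval": 300,
      "removed": false
    },
    "new_executables_in_downloads": {
      "description": "Added example: EXE/DLL files under every user's Downloads folder (assumed path pattern; % matches one path level, %% recurses) joined to the hash table. Because sha256 is part of the row, a replaced file at the same path shows up as an 'added' row too.",
      "query": "SELECT f.path, f.mtime, h.sha256 FROM file AS f JOIN hash AS h USING (path) WHERE f.path LIKE 'C:\\Users\\%\\Downloads\\%%' AND (f.path LIKE '%.exe' OR f.path LIKE '%.dll');",
      "interval": 600,
      "removed": false,
      "platform": "windows"
    }
  }
}
```

Two practical notes. First, the output destination is chosen by the logger plugin, which is a command-line flag, not a config option: put --logger_plugin=windows_event_log in the osquery.flags file (the flagfile) to get the differential results into the Windows Event Log, where each logged row carries an "action" of "added" or "removed". Second, the hash join makes Osquery hash every matching file on every interval, so keep the path pattern narrow and the interval generous rather than pointing it at an entire volume.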