Osquery Deep Dive: Doing Low Level Analytics and Monitoring for Windows/Linux/macOS

Webinar Registration

How would you like to query your systems like a database, with SQL, to do things like find every process running without an executable on the file system? (You do know why that's important, right? Fileless malware.) Here's an Osquery query that does just that:

SELECT name, path, pid FROM processes WHERE on_disk = 0;

In the processes table, on_disk is 1 when the executable path still exists, 0 when it does not, and -1 when Osquery could not tell. A binary that was deleted or replaced after the process started (a package upgrade, for example) also shows up here, so treat hits as leads to investigate rather than verdicts.

Osquery is an open-source operating system instrumentation framework, licensed under Apache 2.0, that runs on Windows, Linux and macOS. You can query nearly anything about those OSes, including:

  • Accounts
  • Policy
  • Firmware
  • Installed applications
  • Files and permissions
  • Authenticode code signatures of binaries
  • Hardware
  • Browser plugins
  • PowerShell events
  • Registry
  • Scheduled Tasks
  • Shared Folders

There are tons more; I just picked some highlights.

All of this information is surfaced as "tables" that you can query with good ole SQL (Osquery uses the SQLite dialect).

This ability is incredibly valuable for administration and, more importantly, for security. You can easily and quickly ask questions about your systems.

But Osquery goes further and lets you detect change. You define queries that the Osquery daemon runs on a schedule; each run's result set is compared to the previous run's, and only the difference (rows added and rows removed) is logged, so a query that returns the same rows every time stays quiet.

So, as just one example, you could set up a scheduled query that tells you whenever a new EXE or DLL shows up on a system, keyed on its hash.

Osquery can send its output to multiple places, including the Windows Event Log, which means you can collect and aggregate the data with the log pipeline you already have.
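Here is what the scheduled, differential setup described above looks like in practice. This is an added example of an Osquery daemon config file (osquery.conf), not material from the webinar and not code from the Osquery project; the query names (fileless_processes, new_binaries), the intervals and the watched directories under file_paths are my own choices to trim to your environment. It runs the fileless-process query every minute with user context joined from the users table, and adds a file-integrity watch that reports the SHA-256 of every new or changed EXE/DLL under the listed directories:

```json
{
  "options": {
    "logger_plugin": "filesystem",
    "schedule_splay_percent": 10
  },
  "schedule": {
    "fileless_processes": {
      "query": "SELECT p.pid, p.name, p.path, p.cmdline, p.parent, u.username FROM processes AS p LEFT JOIN users AS u ON u.uid = p.uid WHERE p.on_disk = 0;",
      "interval": 60,
      "removed": false
    },
    "new_binaries": {
      "query": "SELECT target_path, action, sha256, time FROM file_events WHERE hashed = 1 AND (target_path LIKE '%.exe' OR target_path LIKE '%.dll');",
      "interval": 300,
      "removed": false
    }
  },
  "file_paths": {
    "binaries": [
      "C:\\Windows\\System32\\%%",
      "C:\\Users\\%\\AppData\\Local\\Temp\\%%",
      "/usr/local/bin/%%",
      "/tmp/%%"
    ]
  }
}
```

"removed": false on the process query keeps a process simply exiting from being logged as a change; only rows that newly appear are emitted. file_events is an evented table, so each scheduled run returns only the events recorded since the previous run, and the file-events publisher for your platform has to be enabled (see Osquery's file integrity monitoring documentation) or the table stays empty. Validate the file with osqueryd --config_check --config_path=osquery.conf before rolling it out; on Windows hosts, switching logger_plugin to windows_event_log sends the results to the Windows Event Log instead of the local filesystem log.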

In this real training for free session, we will:

  1. Install Osquery live in my lab
  2. Run some very cool example queries
  3. Discuss how to install and manage Osquery across your environment
  4. Explore Osquery output and logging
  5. Understand Osquery’s ability to monitor for change

I’m joined by Tristan Morris from Carbon Black, our sponsor, who will show you how Carbon Black has built Osquery into their products and how they are contributing to the Osquery community. You’ll see how a real-time security operations solution enables organizations to ask questions of all endpoints and act to remediate in real time.

Please join us for this real training for free event.
