I’m excited to share that we have just released free online training to introduce you to osquery. Our goal was to combine quick setup and hands on labs with complete accessibility, so that anyone who wanted to give osquery a try, could.
SQL (Standard Query Language) will be in its mid-forties later this month having been introduced by its creators Donald Chamberlin and Raymond Boyce in the 1970s. Given its age, it isn’t so hard to understand how the 2017 Stack Overflow Developers Survey uncovered that SQL is the second-most common programming language, used by 50% of developers and beaten only by JavaScript.
Topics: video, osquery tutorial, osquery
Osquery offers introspection capabilities for macOS that were previously difficult to achieve. Osquery uses a universal agent to collect and return a nearly unlimited amount of endpoint data that can then be queried like a database using SQL. For macOS system administrators, this opens up a world of quickly accessible system monitoring capabilities that we'll explore here today.
In this post and video (click here to skip ahead to the video), we'll review some of the basic tasks for macOS system monitoring with osquery (osquery can be used for Linux and Windows as well, but because macOS was previously so underserved, I'm focusing there. Most commands we'll review will be the same or similar for other systems).
What we'll cover:
Topics: macOS, osquery tutorial, video, osquery
Need to manually uninstall osquery on macOS? If you no longer want to use osquery on your Mac, or if you need to manually clear out the installation because you're having problems with the end-point and you want to reinstall from scratch, follow the four steps outlined below. We've also included the terminal command in text format so you can easily copy and paste.
Prefer video? Click here to skip ahead to a ~3 minute video and all commands required to uninstall osquery from your macos using Uptycs.
Topics: osquery, osquery tutorial, macOS
There have been several cases in the past year of major software vendors inadvertently introducing vulnerabilities through browser extensions. Last August, it was reported that 4.7M Chrome users were at risk due to malicious code injected into eight different Chrome extensions. This past November, Cisco's Webex extension - a widely adopted video conferencing platform - was found to have multiple vulnerabilities.
Topics: osquery, osquery tutorial, video
Filepath globbing (filename patterns with wildcards) support in osquery has regularly been a source of confusion, frustration, and lost time. You can certainly explore the wildcarding system in these osquery docs, but it is hoped that the notes below will help shed light on how globbing in osquery actually works to help save you some grief.
Topics: osquery, osquery tutorial
