Uptycs is offering this free osquery training as a self-paced course that will equip students with an understanding of the data that osquery can be configured to collect, the tables that data is stored in and how to access that data using SQL and the osqueryi command-line interface. Although completely self-paced, we find this course can be completed in 2-4 hours given uninterrupted focus and intention.
This free osquery training will include everything you'll need to install osquery on a Linux virtual machine and learn how to query a variety of data types and sources from that virtual machine by exploring how to answer questions/scenarios provided by your instructor. This free osquery training is perfect for Security Researchers, Security Engineers, Mac Administrators, IT Administrators and any technically minded security leaders and practitioners. No prior experience with osquery is needed. Some experience with SQL is helpful, but also not required.
Your instructor, Doug Wilson, is the Director of Security at Uptycs and has nearly twenty years of experience in InfoSec and Technology. An advocate for open tools and standards, he helped found and run OWASP DC. Learn more about Doug on Twitter, LinkedIn and the Uptycs blog.
Official osquery docs describe osquery (os=operating system) as an operating system instrumentation framework that exposes an operating system as a high-performance relational database. Using SQL, you can write a single query to explore any given data, regardless of the operating system.