A curated collection of osquery materials by subject matter experts across the globe.
Get an understanding of how to use Augeas with osquery to parse configuration files.
Read Now
Go deep into the features and functions of osquery, a universal endpoint agent that exposes an operating system as a relational database.
Read Now
Using Augeas with osquery allows you to scan the configuration of your entire fleet of hosts, easily adapting to new internal applications and their proprietary configuration files.
Read Now
Using osquery to monitor system-level kernel extensions, modules, and drivers across all major desktop platforms is a great way to ensure IT compliance.
Read Now
When it comes to Chrome extensions, knowing what you have is half the battle. But once you know what you have, how do you decide what you should keep?
Read Now
Justin Mitzimberg explored osquery’s surprising and practical compliance capabilities in his talk at the 2020 osquery@scale event.
Read Now
Gathering software inventory is an important part of security and systems management. There’s a good reason software inventory is No. 2 in the list of CIS Critical Controls!
Read Now
Learn how to use and scale osquery to (proactively) detect evasive malware, stealthy persistence, fileless malware, unseen attacks etc.
Read Now
Join SANS Analyst, Dave Shackleford and Uptycs CTO, Milan Shah as they explore the new ways CSIRT teams are using osquery to provide a comprehensive, high-fidelity data set for incident investigation and more.
Watch Now
Defining Threat Intel, its various sources and how to apply it at scale.
Read Now
Review example SQL queries for Threat Detection and DFIR using osquery.
Read Now
Follow this guide for identifying bad launch daemons on macOS using osquery.
Read Now
Using Osquery to explore the registry and startup_items tables to see another common technique that malware uses.
Read Now
An analysis of different malware families, the types of events generated on the endpoint and how Osquery can detect them.
Read Now
Hands on demonstration of basic SQL for osquery.
Watch Now
Orient yourself to core functions available in SQLite, used by osqueryi.
Visit Site
A technical look at how and why to run osquery as a DaemonSet container.
Watch Now
How to ingest osquery logs with Rsyslog V8 via the system journal (rather than from disk).
Read Now
In addition to configuring auditing, strategies for reducing the performance impact and logging volume are shared.
Read Now
This post lays the foundation [for auditing] by expanding on the basic concepts of the Linux Audit Framework.
Read Now
Dropbox provides a view into how they monitor macOS in their environment.
Read Now
Learn how to monitor macOS with osquery and AWS Kinesis Firehose.
Read Now
Protecting your organization and data against cyber attack vectors in the cloud requires new tools.
Read Now
Advanced osquery functionality. File integrity monitoring, process auditing, and more.
Read Now
Register for this open source security webinar to learn how to detect malware and improve security monitoring using JA3 and osquery.
Watch Now
When running containers in production with Docker, bad configurations can easily lead to vulnerable environments...
Read Now
Learn how to setup FIM using osquery on Ubuntu 18.04 and CentOS 7.
Read Now
Explore the benefits of running osquery as a DaemonSet container.
Read Now
How to create an osquery config, centralize the log output, and start creating effective searches and alerts.
Read Now
Download packages designed and signed by the Facebook team.
Visit Site
A dedicated Slack channel for users and developers to collaborate on osquery.
Join Channel
Learn how to gather information from the Windows registry using osquery.
Read Now
Hands on guide to installing osquery on macOS.
Watch Now
Download the current known OS X vulnerabilities pruned by the osquery community.
Visit Site
Docker Hub container download for osquery.
Visit Site
Install the Chocolatey osquery package.
Visit Site
Osquery offers simple, yet profound ways to combine event and context data...
Read Now
Learn about an extension for osquery that will let you dig deeper into the NTFS filesystem.
Read Now
An overview of using osquery with docker from one of the original project contributors.
Read Now
Diffy is a triage tool to help DFIR teams quickly identify compromised hosts on cloud workloads.
Read Now
Teddy Reed reveals the fragile components of osquery and offers suggestions for how to improve them.
Watch Video
View issues, pull requests and history of the open source project.
Visit Site
Proprietary, agent-based solution silos have created a fragmented and complex market...
Read Now
Explore tables and data structure of open source osquery by version.
Visit Site
An open source tools guide for deploying osquery at scale.
Read Now
Fernando Montenegro, Senior Analyst at 451 Research offers his view of osquery, its potential and risk in the security market.
Download
Explore official project documentation, from getting started to advanced configs.
Visit Site
Learn osquery for free in this instructor led video tutorial series.
Enroll Now
The introduction of osquery to the open source community by Facebook.
Read Now
Security breaches are happening every other week, and understanding the anatomy of an attack is a daunting task that incident responders face. Attackers will leave behind breadcrumbs, but forensics tools can be time and resource intensive.
Watch Now
Using SQLite to ask osquery about inventory, disk encryption, remaining storage, active logins and more.
Watch Now
Fleet visibility with osquery and other F/OSS tools.
Watch Video
Osquery is a highly effective means to analyze malware across macOS, Linux, and Windows. In this blog post, we use OSX/Dummy as an example to analyze malware by collecting events data via osquery.
Read Now
While Windows has a mature market for host instrumentation products, the options on macOS have been severely limited.
Read Now
Install osquery on Ubuntu 16.04, use the 'osqueryi' interactive mode, and monitor a live system.
Read Now
Learn how to bundle your custom configs with the osquery binary and output a customized MSI.
Read Now
Incident detection and response across thousands of hosts requires a deep understanding of actions and behavior across users, applications, and devices.
Read Now
Osquery extensions developed and maintained by Trail of Bits. Extensions add capabilities that go beyond osquery core.
Visit Site
In osquery, SQL tables, configuration retrieval, log handling, etc. are implemented via a robust plugin and extensions API. This project contains Go bindings for creating osquery extensions in Go.
Visit Site
In osquery, SQL tables, configuration retrieval, log handling, etc are implemented via a simple, robust plugin and extensions API. This project contains the official Python bindings for creating osquery extensions in Python.
Visit Site
The implementation of TLS Persistent Transport Support in osquery decreases the network traffic...
Read Now
A look at how to create extensions for Windows.
Read Now
StreamAlert is a real-time data analysis framework with point-in-time alerting...
Read Now
Review and access the complete list of query packs provided for open source osquery.
Visit Site
An osquery endpoint management server designed to take advantage of the native scaling, performance, and reliability of the AWS cloud environment.
Read Now
macOS system monitoring with osquery is quick and easy once you understand some SQLite commands.
Read Now
Learn more about the architecture of the osquery system, how to step up your game, and contribute code.
Read Now
FAQ for people considering or just getting started with osquery.
Read Now
Feedback from five major tech firms using osquery on use cases and challenges.
Read Now
A look at combining the MITRE ATT&CK framework with osquery for Windows.
Read Now
Osquery’s approach of using SQL SELECT statements to investigate the state of a system makes for an excellent way to quickly add a significant amount of context into a Sensu check.
Read Now
We'll explore how to set up a simple logging pipeline to detect maliciously downloaded files. If this pipeline detects a malicious file, a Slack alert will be triggered.
Read Now
Learn how the Adobe security team uses osquery to investigate large groups of infrastructure components for initial triage and basic forensic analysis, and to proactively detect threats.
Watch Now
Register for this on-demand webinar to learn how to hunt for malware and IOCs using two powerful open source security tools: YARA and osquery.
Watch Now
While osquery core is great for querying various system-level data remotely, forensics extensions give it the ability to inspect deeper-level data structures.
Read Now
This is a review of 5 macOS malware techniques: Calisto, Dummy, HiddenLotus, LamePyre, and WireLurker. We'll review how to hunt them using osquery.
Read Now
When analyzing malware and adversary activity on Windows, DLL injection techniques are commonly used, and there are plenty of resources on how to detect them. On Linux, this is less commonly seen in the wild.
Read Now
The Adobe security team is working on a new approach to DFIR, based on osquery, that is scalable, quick and cost-effective.
Read Now
Examples and use cases for osquery's most common table schemas.
Read Now
Using osquery to track active processes and network activity inside containers.
Read Now
SingHealth & Equifax breaches resulted in detailed reports. We'll look at the findings and map them to MITRE ATT&CK framework, then see how osquery could be used to detect these breaches.
Watch Now