SingHealth & Equifax breaches resulted in detailed reports. We'll look at the findings and map them to MITRE ATT&CK framework, then see how osquery could be used to detect these breaches.

Examples and use cases for osquery's most common table schemas.

The Adobe security team is working on a new approach to DFIR that’s scalable, quick and cost-effective based on OSQuery.

When analyzing malware & adversary activity in Windows, DLL injection techniques are commonly used, and there are plenty of resources on how to detect activities. When it comes to Linux, this is less commonly seen in the wild.

This is a review of 5 macOS malware techniques; Calisto, Dummy, HiddenLotus, LamePyre, and WireLurker. We'll review how to hunt them using osquery.

While osquery core is great for querying various system-level data remotely, forensics extensions will give it the ability to inspect to deeper-level data structures.

Learn how the Adobe security team uses osquery to investigate large groups infrastructure components for initial triage, basic forensic analysis, and proactively detect threats.

We'll explore how to set up a simple logging pipeline to detect maliciously downloaded files. If this pipeline detects a malicious file, a Slack alert will be triggered.

Osquery’s approach of using SQL SELECT statements to investigate the state of a system makes for an excellent way to quickly add a significant amount of context into a Sensu check.

Feedback from five major tech firms using osquery on use cases and challenges.

FAQ for people considering or just getting started with osquery.

Learn more about the architecture of the osquery system, how to step up your game, and contribute code.

macOS system monitoring with osquery is quick and easy once you understand some SQLite commands.

An osquery endpoint management server designed to take advantage of the native scaling, performance, and reliability of the AWS cloud environment.

Review and access the complete list of query packs provided for open source osquery.

StreamAlert is a real-time data analysis framework with point-in-time alerting...

A look at how to create extensions for Windows.

The implementation of TLS Persistent Transport Support in osquery decreases the network traffic...

In osquery, SQL tables, configuration retrieval, log handling, etc are implemented via a simple, robust plugin and extensions API. This project contains the official Python bindings for creating osquery extensions in Python.

In osquery, SQL tables, configuration retrieval, log handling, etc. are implemented via a robust plugin and extensions API. This project contains Go bindings for creating osquery extensions in Go.

Osquery extensions developed and maintained by Trail of Bits. Extensions add capabilities that go beyond osquery core.

Incident detection and response across thousands of hosts requires a deep understanding of actions and behavior across users, applications, and devices.

Learn how to bundle your custom configs with the osquery binary and output a customized MSI.

Install osquery on Ubuntu 16.04, use the 'osqueryi' interactive mode, and monitor a live system.

While Windows has a mature market for host instrumentation products, the options on macOS have been severely limited.

Osquery is a highly effective means to analyze malware across macOS, Linux, and Windows. In this blog post, we use OSX/Dummy as an example to analyze malware by collecting events data via osquery.

Fleet visibility with osquery and other f/oss tools

Using SQLite to ask osquery about inventory, disk encryption, remaining storage, active logins and more.

The introduction of osquery to the open source community by Facebook

Learn osquery for free in this instructor led video tutorial series.

Explore official project documentation from getting started to advaned configs.

Fernando Montenegro, Senior Analyst at 451 Research offers his view of osquery, its potential and risk in the security market.

An open source tools guide for deploying osquery at scale.

Explore tables and data structure of open source osquery by version.

Proprietary, agent-based solution silos have created a fragmented and complex market...

View issues, pull requests and history of the open source project.

Teddy Reed reveals the fragile componenets of osquery and suggestions for how to improve.

Diffy is a triage tool to help DFIR teams quickly identify compromised hosts on Cloud Workloads.

Learn about an extension for osquery that will let you dig deeper into the NTFS filesystem.

Osquery offers simple, yet profound ways to combine event and context data...

Install the Chocolately osquery package

dockerhub container download for osquery

Download the current known OS X vulnerabilities pruned by the osquery community.

Hands on guide to installing osquery on macOS.

Learn how to gather information from the Windows registry using osquery.

A dedicated Slack channel for users and developers to colloborate on osquery.

Download packages designed and signed by the Facebook team.

How to create an osquery config, centralize the log output, and start creating effective searches and alerts.

Explore the benefits of running osquery as a DaemonSet container.

Learn how to setup FIM using osquery on Ubuntu 18.04 and CentOS 7.

When running containers in production with Docker, bad configurations can easily lead to vulnerable environments...

Advanced osquery functionality. File integrity monitoring, process auditing, and more.

Protecting your organization and data against cyber attack vectors in the cloud requires new tools.

Learn how to monitor macOS with osquery and AWS Kinesis Firehose.

Dropbox provides a view into how they monitor macOS in their environment.

This post lays the foundation [for auditing] by expanding on the basic concepts of the Linux Audit Framework.

In addition to configuring auditing, strategies for reducing the performance impact and logging volume are shared.

How to ingest osquery logs with Rsyslog V8 via the system journal (vs from disk).

A technical look at how and why to run osquery as a DaemonSet container.

An overview of using osquery with docker from one of the original project contributors.

Orient yourself to core functions available in SQLite, used by osqueryi.

Hands on demonstration of basic SQL for osquery.

An analysis of different malware families, the types of events generated on the endpoint and how Osquery can detect them.

Using Osquery to explore the registry and startup_items tables to see another common technique that malware uses.

A look at combining the MITRE ATT&CK framework with osquery for Windows.

Follow this guide for identifying bad launch daemons on macOS using osquery.

Review example SQL queries for Threat Detection and DFIR using osquery.

Defining Threat Intel, its various sources and how to apply it at scale.

How to enable process auditing for Windows.

Join SANS Analyst, Dave Shackleford and Uptycs CTO, Milan Shah as they explore the new ways CSIRT teams are using osquery to provide a comprehensive, high-fidelity data set for incident investigation and more.