- Use Cases
- About Us
I’m enjoying listening to Guillaume Ross from @uptycs give his take on Osquery. If you want to learn more about Osquery, I think @DefensiveDepth course on the topic is the best resource available. #SOCSummit https://t.co/ZOYf8JM0yZ pic.twitter.com/ChJZ1Y8EYr— Chris Sanders (@chrissanders88) June 25, 2019
Osquery is a an open-source, cross-platform agent that turns your operating system into a virtual database, letting you leverage the power of the SQL language to ask anything from your system. Over 200 tables let you understand what processes are running, what users are logged in, where the machine is connected, what files are on disk and much, much more. Due to its flexibility and power, it makes an amazing tool for threat hunting, security monitoring, and even IT operations.
The topic of this webinar stems from a project that Guillaume has been working on since early 2019. While unfinished, he continues to update and tailor the presentation to fit the interests (and provide value to) of audiences at conferences such as:
Guillaume's presentation at the SANS SOC Summit 2019 earned him accolades in the "Staff Picks for Splunk Security Reading June 2019".
If this topic is of interest to you and/or your team, we encourage you to explore the work of Filippo Mottini (GitHub/Twitter: @teoseller). Filipo has gradually been working on mapping the MITRE ATT&CK Matrix to osquery and then creating query packs that can be used for osquery enterprise threat hunting. Learn more about this project here.