Simplifying cloud infrastructure security with cloudquery
An introduction to structured security analytics for multi-cloud environments
Osquery has been established as a highly effective open source tool to help secure workstation and server workloads. A new osquery extension, cloudquery, enables security, IT, and DevOps teams to leverage the power of SQL-based analytics to easily get answers to questions about their multi-cloud infrastructure.
This interactive session will provide a lightning introduction to osquery, then focus on how to get started using cloudquery to query AWS, Azure, and GCP environments to support use cases related to security and compliance.
Join us to learn about:
- Why structured security analytics are an effective approach to secure endpoint and cloud workloads
- How to install and configure the new osquery extension for multi-cloud infrastructure, cloudquery
- How to use cloudquery to collect data to support use cases such as compliance, detection, and monitoring
What is osquery?
Osquery is an open-source, cross-platform agent that turns your operating system into a virtual database, letting you leverage the power of the SQL language to ask anything of your system. Over 200 tables let you understand what processes are running, what users are logged in, where the machine is connected, what files are on disk and much, much more. Due to its flexibility and power, it makes an amazing tool for threat hunting, security monitoring, and even IT operations.
What is cloudquery?
cloudquery is an osquery extension that allows IT, security, and DevOps teams to fetch cloud telemetry from AWS, GCP, and Azure. It is extensible so that one can add support for new tables easily, and configurable so that one can change the table schema as well.
Common use cases are security and compliance.
Find out more about cloudquery via GitHub.
osquery vs cloudquery
Cloudquery is an extension of osquery, not a replacement. You should install osquery on each endpoint to collect endpoint data and deploy cloudquery in each of your cloud environments to collect cloud data.