Osquery has been established as a highly effective open source tool to help secure workstation and server workloads. A new osquery extension, cloudquery, enables security, IT, and DevOps teams to leverage the power of SQL-based analytics to easily get answers to questions about their multi-cloud infrastructure.
This interactive session will provide a lightning introduction to osquery, then focus on how to get started using cloudquery to query AWS, Azure, and GCP environments to support security and compliance use cases.
- Why structured security analytics are an effective approach to secure endpoint and cloud workloads
- How to install and configure the new osquery extension for multi-cloud infrastructure, cloudquery
- How to use cloudquery to collect data to support use cases such as compliance, detection, and monitoring
About our speaker
Eric Kaiser is a Security Engineer at Uptycs, focused on endpoint and cloud security. He has a deep passion for system-level security, and in his spare time is an amateur motorcycle rider and mechanic, a runner, and an avid traveler.
What is osquery?
Official osquery docs describe osquery (os = operating system) as an operating system instrumentation framework that exposes an operating system as a high-performance relational database. Using SQL, you can write a single query to explore system data, regardless of the operating system it runs on.
What is cloudquery?
cloudquery is an osquery extension that allows IT, security, and DevOps teams to fetch cloud telemetry from AWS, GCP, and Azure. It is extensible, so support for new tables can be added easily, and configurable, so table schemas can be changed as well.
Common use cases are security and compliance.
Find out more about cloudquery via GitHub.
osquery vs cloudquery
Cloudquery is an extension of osquery, not a replacement. You should install osquery on each endpoint to collect endpoint data and deploy cloudquery in each of your cloud environments to collect cloud data.