There is a growing and passionate community around osquery, actively sharing information and perspective, answering questions, exposing challenges and dispelling misconceptions. Even so, learning the basics as you’re getting started requires a lot of piecing together bits of wisdom (i.e. Googling, reading and networking). The intention of this post is to a) curate some of the great content from the community, b) organize it to cover common questions for beginners, and c) incorporate some of what we’ve learned over the past three years through the Uptycs journey. If you like it, and it is helpful, throw a comment down below or let us know on Twitter and we’ll create a more advanced FAQ next time around.
What is osquery?
Osquery is a universal endpoint agent that was developed by Facebook in 2014. It is an active and growing open source project on GitHub, with 230 contributors and over 90 releases to date.
According to the official osquery docs, osquery (os=operating system) is an operating system instrumentation framework that exposes an operating system as a high-performance relational database. Using SQL, you can write a single query to explore any given data, regardless of operating system.
This is a unique approach in the security landscape, creating one agent for many operating systems, leveraging a standard query language instead of creating a proprietary one, and collecting rich data sets which have broad applications. Osquery represents a fundamental rethinking of the fragmented, siloed approach plaguing the security industry today.
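To make the "one query, any operating system" idea concrete, here is an added example (not part of the original post, and not from the osquery project itself) of the kind of SQL you would type into the interactive shell osqueryi. It joins three real osquery tables, listening_ports, processes and users, to answer a question defenders ask constantly: which processes have a socket open for inbound connections, and which account owns them? The table and column names are those osquery documents for macOS, Linux and Windows; the filter and ordering are my own choices.

```sql
-- Added example, not from the post: the same statement runs unchanged on
-- macOS, Linux and Windows because osquery exposes each OS through the
-- same set of virtual tables (SQLite dialect).

-- 1. Basic inventory: what am I talking to?
SELECT name, version, platform
FROM os_version;

-- 2. Listening sockets mapped back to the owning process and user.
--    protocol is numeric in this table (6 = TCP, 17 = UDP);
--    port 0 rows are unbound sockets and are excluded.
SELECT
  p.pid,
  p.name,
  p.path,
  lp.port,
  CASE lp.protocol WHEN 6 THEN 'tcp' WHEN 17 THEN 'udp' ELSE lp.protocol END AS proto,
  lp.address,
  u.username
FROM listening_ports AS lp
JOIN processes AS p USING (pid)
LEFT JOIN users AS u ON p.uid = u.uid
WHERE lp.port != 0
ORDER BY lp.port, p.pid;
```

The second query is a good first "scheduled query" for a fleet: run it periodically with osqueryd and diff the results, and a new listening service appears as a new row rather than as something you have to go looking for. The LEFT JOIN keeps processes whose uid has no matching users row (for example on systems where the account lives in a directory service), so nothing is silently dropped from the result.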
With that (Read more...)
*** This is a Security Bloggers Network syndicated blog from Uptycs Blog authored by Amber Picotte. Read the original post at: https://www.uptycs.com/blog/intro-to-osquery-frequently-asked-questions-for-beginners