osquery

Using D-Bus to query systemd data

Osquery: Using D-Bus to query systemd data

| | Internship Projects, osquery
by Rachel Cipkins, Stevens Institute of Technology During my summer internship at Trail of Bits I worked on osquery, the massively popular open-source endpoint monitoring agent used for intrusion detection, threat hunting, ...
Trail of Bits Blog
Corelight Splunk App update: new dashboard and data

Corelight Splunk App update: new dashboard and data

| | Announcements, Community ID, Corelight Technical Add-on, ECS, EDR, encrypted traffic, ETC, HELK, MISP, NDR, osquery, partnership, SOC, Splunk, SSH, Suricata
By Roger Cheeks, US-East Sales Engineer, Corelight In support of Corelight’s latest software release, v19, we are pleased to launch our newest installment of the Corelight App for Splunk (Corelight App) and ...
Bright Ideas Blog
logo

Announcing the Zeek Agent

| | Engineering Practice, osquery
(This posting is cross-posted between the Zeek blog and the Trail of Bits blog). The Zeek Network Security Monitor provides a powerful open-source platform for network traffic analysis. However, from its network ...
Trail of Bits Blog
The results of a query on ntfs_journal_events

Real-time file monitoring on Windows with osquery

| | osquery
TL;DR: Trail of Bits has developed ntfs_journal_events, a new event-based osquery table for Windows that enables real-time file change monitoring. You can use this table today to performantly monitor changes to specific ...
Trail of Bits Blog

Investigating Threat Alerts with Osquery: Understanding Threat Surface & Risk

| | incident investigation, osquery, Threat Hunting, Threat Intelligence
The Uptycs Threat Intelligence team is responsible for providing a high quality, curated, and current Threat Intelligence feed to the Uptycs product. In order to deliver the threat feed, the team evaluates ...
Uptycs Blog

Announcing the osquery@scale Conference

| | osquery
Osquery has become a popular tooling for endpoint-based security analytics. The user community is thriving and vibrant as reflected in GitHub security showcase and osquery slack channel activity. There are many organizations, ...
Uptycs Blog
Panel Discussion: the osquery Foundation

QueryCon 2019: A Turning Point for osquery

| | Conferences, Engineering Practice, osquery
Has it really been 3 months since Trail of Bits hosted QueryCon? We’ve had such a busy and productive summer that we nearly forgot to go back and reflect on the success ...
Trail of Bits Blog

[Infographic] macOS Native Security Configurations and osquery

| | asset inventory, mac edr, macos, open source, osquery, security hygiene
Be it for macOS or my dog eating out of the trash, there is no such thing as a bullet-proof security policy. It’s all about creating a threshold of standards- something to ...
Uptycs Blog

Performant Osquery – Enterprise-grade Osquery at Scale Considerations

| | Cloud Security, open source, osquery, system architecture, TLS
In this blog post I’ll cover osquery’s ability to provide performant behavior and its capabilities to excel at enterprise grade requirements. Many observations covered in this blog will highlight various capabilities of ...
Uptycs Blog

Osquery Security Use Cases and Solutions

| | Cloud Security, open source, osquery, system architecture
Osquery has become a popular source of instrumentation for a wide variety of use cases. On github security showcase, it is currently among the top most popular open source security projects. Given ...
Uptycs Blog
Load more