IT professionals often need to answer questions about what is happening in the operating systems of the fleet they manage or secure. Needs would include performance management, software inventories, or even threat hunting and incident response. In order to solve this problem using an easy-to-use interface, Facebook created osquery in 2014, and published it as open source software.

The way osquery works is by offering relational tables (some of which are general and others which are OS-specific) which can be queried using SQL and allow you to inspect live information from hosts in your fleet. The information offered through this simple model would otherwise require complex and varied methods for collection and normalization, so this is a huge win. There are currently 257 tables that can be queried, which are listed at. The combination of tables and the queries allows IT and security professionals to answer a variety of questions which can then be continuously monitored (through scheduled queries), with optional alerts if particular values are found or if changes in certain values are detected.

One big underlying assumption, though, is that osquery takes great care to not allow anyone to obtain potentially confidential data from the hosts or environment they run on. For example, great care was taken to not allow reading arbitrary files by default through osquery.
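As an added illustration of the scheduled-query model described above (this is an example configuration written for this post, not code from the osquery project or the original article), the osqueryd configuration below schedules three queries against tables that ship with osquery (`listening_ports`, `processes`, `users`, `os_version`). The interval values, query names and the pack name `fleet_monitoring` are assumptions chosen for the example; the structure (`schedule`, `query`, `interval`, `removed`, `snapshot`, `logger_plugin`) is the standard osquery configuration format.

```json
{
  "options": {
    "logger_plugin": "filesystem",
    "logger_path": "/var/log/osquery"
  },
  "schedule": {
    "listening_services": {
      "query": "SELECT p.name, p.path, lp.port, lp.protocol FROM listening_ports lp JOIN processes p ON lp.pid = p.pid WHERE lp.port != 0;",
      "interval": 300,
      "removed": true
    },
    "local_accounts": {
      "query": "SELECT uid, username, shell, directory FROM users;",
      "interval": 3600,
      "removed": true
    },
    "os_version_snapshot": {
      "query": "SELECT name, version, build FROM os_version;",
      "interval": 86400,
      "snapshot": true
    }
  }
}
```

The first two queries are logged differentially: osqueryd only emits rows that were added or removed since the previous run, so a new listening service or a new local account shows up as a single "added" event that a log pipeline can alert on. The `os_version` query uses `snapshot` mode instead, which writes the full result each day for inventory purposes rather than for change detection.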