Any plan to integrate something like google rapid ...
# generalo
Ojas
03/24/2022, 9:26 AMAny plan to integrate something like google rapid response (https://github.com/google/grr) in OSQuery? I would be amazing to get this type of functionality from osquery directly.
👍 1
a
alessandrogario
03/24/2022, 10:46 AM
Seems like it is written in Python; there is a Python SDK to connect to osquery and export tables and other plugins
alessandrogario
03/24/2022, 10:47 AM
Additionally, when implemented inside an extension, a table plugin can support write access (i.e. INSERT INTO, UPDATE, DELETE FROM)
alessandrogario
03/24/2022, 10:47 AM
We have already seen tables that can add/remove firewall rules or kill processes
o
Ojas
03/24/2022, 11:44 AMBut i dont wnna install 2 different agents. If we can combine both agents that would be awesome.
s
seph
03/24/2022, 7:17 PM
They may be different projects with different goals.
What abilities from GRR would you add to osquery?
o
Ojas
03/25/2022, 7:29 AMHey @seph
It would be cool to get some of the below mentioned features:
Agent side:
• Live remote memory analysis
• Powerful search and download capabilities for files
• OS-level and raw file system access
• Detailed monitoring of client CPU, memory, IO usage and self-imposed limits.
Sever side :
• Fully fledged response capabilities handling most incident response and forensics tasks. (shutting down some app, isolating machine from internet etc)
s
seph
03/25/2022, 11:22 AM
Osquery has many of those client features.
seph
03/25/2022, 11:23 AM
But osquery does not aim to control the machine. So the core project will not gain thjnfs like shutdown or app isolation.
seph
03/25/2022, 11:24 AM
I think it would be interesting if someone added that kind of functionality to an extension.
11 Views