# general
b
Hi everyone, I've been working on a new security monitoring solution (XDR) for real-time threat detection on servers and endpoints that is based on osquery. It uses a custom fleet management architecture to distribute osquery configuration files to agents and collect logs. Logs are correlated on the central server (that you self-host) to detect threats and provide security recommendations. One of the main goals of the project is to let everyone take full advantage of osquery for threat detection by creating a framework around it with indexing, database storage and visualization all taken care of. So far in my tests against Wazuh it performs pretty well and detects many security events that go unnoticed by Wazuh. What do you think about it as a concept? Any recommendations? https://impulse-xdr.com/
s
Seems like a neat project! One thing I notice is that you've often written osquery as OSquery. This is not the correct casing. osquery or Osquery
b
Was meant to finally settle on osquery spelling