We posted this yesterday

Question

We posted this yesterday Many thanks to < alessandrogario> and Trail of Bits for their great work pulling this together

stefanmaerz · Answer

Is this a fork of osquery built specifically to integrate with Zeek

alessandrogario · Answer

No it works with standard osquery

alessandrogario · Answer

If there s anything that doesn t work with upstream binaries let us know and we ll open an issue slightly smiling face

stefanmaerz · Answer

yes helps if i read the artcle first Eventually this process evolved into a clean rewrite to produce an entirely new agent that can operate both in a standalone fashion and with osquery slightly smiling face

stefanmaerz · Answer

I m definitely intrigued by this Contextualizing and correlating network log sources is something i m working on right now Is the idea behind this the same as the original bro osquery project back in the day Where Zeek can ask the endpoint for host process user data to contextualize network logs If so that is fire fire fire

alessandrogario · Answer

Yes something like that slightly smiling face