Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
j
Jason NG
06/30/2021, 1:29 AMHi everyone, just a quick question. Since for tls mode, authentication and enrollment is needed. Is it possible to do this on a lambda function? I am asking this because i am trying to use lambda as a central management server where it can query the endpoints. Please do let me know if it does not make sense to do this. Just exploring options. Thanks!
s
seph
06/30/2021, 1:19 PMYes, there are several ways you could make this work.
the general flow here, is that osquery enrolls using a secret from the local machine. The TLS endpoint returns a node key. This node key is used for all subsequent queries.
There are many ways you could do that in AWS lambda.
* You record node keys in some backing store.
* You could issue something like a signed jwt
* Probably more
Depends a lot on your goals