Hi everyone, just a quick question. Since authentication and enrollment are needed for TLS mode, is it possible to do this on a Lambda function? I am asking this because I am trying to use Lambda as a central management server where it can query the endpoints. Please do let me know if it does not make sense to do this. Just exploring options. Thanks!
06/30/2021, 1:19 PM
Yes, there are several ways you could make this work.
The general flow here is that osquery enrolls using a secret from the local machine. The TLS endpoint returns a node key. This node key is used for all subsequent queries.
There are many ways you could do that in AWS Lambda.
* You record node keys in some backing store.
* You could issue something like a signed JWT.
* Probably more