Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
m
Mystery Incorporated
06/19/2021, 3:22 PMIs anyone using osquery to check software against CVEs for vulnerabilities?
s
spookerlabs
06/19/2021, 4:25 PMI think you will like this issue https://github.com/fleetdm/fleet/issues/405
m
Mystery Incorporated
06/19/2021, 4:42 PMThanks, ah ok so it's not possible yet? But fleetdm should do it in the future?
s
seph
06/19/2021, 5:30 PMI’ve done this as a PoC. There’s a lot to build.
osquery will give you a package/application/whatever and their reported version. Matching those to CVEs requires some work. I don’t think I’ve seen an OSS implementation
m
Mystery Incorporated
06/19/2021, 7:42 PMwazuh is an OSS implementation doing it, but now I realise that you mean an OSS implementation using osquery.
s
seph
06/19/2021, 8:02 PMThat fleet issue has lots of good links to dive into.
l
Liam
06/20/2021, 9:26 AMWe use https://github.com/facebookincubator/nvdtools internally to do this - have a Query that returns in CPE format and then persist that into a Cassandra DB and our Data platform