Is anyone using osquery to check software against ...
# generalm
Mystery Incorporated
06/19/2021, 3:22 PMIs anyone using osquery to check software against CVEs for vulnerabilities?
s
spookerlabs
06/19/2021, 4:25 PMI think you will like this issue https://github.com/fleetdm/fleet/issues/405
m
Mystery Incorporated
06/19/2021, 4:42 PMThanks, ah ok so it's not possible yet? But fleetdm should do it in the future?
s
seph
06/19/2021, 5:30 PM
I’ve done this as a PoC. There’s a lot to build.
seph
06/19/2021, 5:30 PM
osquery will give you a package/application/whatever and their reported version. Matching those to CVEs requires some work. I don’t think I’ve seen an OSS implementation
m
Mystery Incorporated
06/19/2021, 7:42 PMwazuh is an OSS implementation doing it, but now I realise that you mean an OSS implementation using osquery.
s
seph
06/19/2021, 8:02 PM
That fleet issue has lots of good links to dive into.
l
Liam
06/20/2021, 9:26 AMWe use https://github.com/facebookincubator/nvdtools internally to do this - have a Query that returns in CPE format and then persist that into a Cassandra DB and our Data platform
2 Views