Thanks Fritz. I am brand new to the osquery space....
# generalj
Jason Maratsos
09/21/2020, 1:02 PMThanks Fritz. I am brand new to the osquery space. Any advice?
f
fritz
09/21/2020, 1:34 PMHard to say! It's all about what you are seeking to accomplish. At the end of the day osquery is a tool like anything else, without knowing the goal, it would be a lot like giving you advice on how to use a hammer beyond 'hit stuff with the flat end'.
If you can share some of your goals, or issues that you are facing which led you to osquery, it will be easier to make suggestions about where to get started.
fritz
09/21/2020, 1:42 PMThere are a number of decent resources out there for getting started from a technical standpoint, whether that's:
Understanding how osquery works from a technical standpoint:
https://blog.kolide.com/osquery-under-the-hood-c1a8df46bb7a
Interacting with osqueryi and writing queries: https://osquery.readthedocs.io/en/stable/introduction/sql/
Perusing what device data is accessible via osquery:
https://osquery.io/schema/
Investigating open source osquery fleet managers like Zentral or Fleet:
https://github.com/zentralopensource/zentral
https://github.com/kolide/fleet
Seeing how individuals are using osquery for different purposes such as endpoint visibility, DFIR, etc.:
https://blog.kolide.com/monitoring-macos-hosts-with-osquery-ba5dcc83122d
https://blog.rapid7.com/2016/05/09/introduction-to-osquery-for-threat-detection-dfir/
4 Views