#general
niels

06/23/2020, 8:53 PM
Is there someone doing vulnerability scanning with osquery? e.g. based on installed apps
theopolis

06/23/2020, 9:25 PM
Most likely, but not aware of anything specifically. osquery is best suited for someone to collect the ground truth about what is installed; there are a lot of tables that supply name+version of components. If you go here: https://osquery.io/schema/4.3.0/ and CTRL+F for "version" you'll get a good idea of what data is exposed. Then you'll have to marry that data with vulnerability data in some magic backend. This is well beyond the scope of osquery.
Jason W

06/24/2020, 2:33 PM
@niels Uptycs does offer a commercial service based on osquery that does vuln scanning based on osquery output. Not open source though.
niels

06/24/2020, 2:36 PM
@Jason W / @theopolis: currently talking with them for a trial, since they require a meeting first..
Mike Myers

06/24/2020, 3:33 PM
if there are more ways to improve the tables that enumerate packages and updates, those would be in scope for osquery development