Is there someone doing vulnerability scanning with osquery? e.g. based on installed apps
06/23/2020, 9:25 PM
Most likely, but not aware of anything specifically.
osquery is best suited for someone to collect the ground truth about what is is installed, there are a lot of tables that supply name+version of components.
If you go here: https://osquery.io/schema/4.3.0/ and CTRL+F for "version" you'll get a good idea of what data is exposed.
Then you'll have to marry that data with vulnerability data in some magic backend. This is well beyond the scope of osquery.
06/24/2020, 2:33 PM
@niels Uptycs does offer a commercial service based on usquery that does vuln scanning based on osquery output. Not open source though.
06/24/2020, 2:36 PM
@Jason W / @theopolis: currently talking with them for a trial, since they require a meeting first..
06/24/2020, 3:33 PM
if there are more ways to improve the tables that enumerate packages and updates, those would be in scope for osquery development