Hi! A startup is looking at implementing security monitoring (baseline/settings, endpoint protection) for their Windows + macOS machines.
Is anyone doing this solely using OSS products? e.g. I see that Kolide Fleet + Wazuh is an option, but curious how others are using osquery for this purpose.
seph
06/17/2020, 12:52 PM
There are folks doing that with open source. I a bit about the fleet installs. I'm less familiar with other OSS products.
niels
06/17/2020, 12:56 PM
@seph I loved the Kolide approach, but I missed vulnerability scanning.
seph
06/17/2020, 12:59 PM
Thanks! Not everything is going to be the right thing for everyone.
niels
06/17/2020, 12:59 PM
Well it worked very well, just so you know. 🙂
I suppose vulnerability detection can be easily implemented on your SaaS backend since you can extract any installed apps & os, just need to import the NVD.
seph
06/17/2020, 1:00 PM
For broader ecosystem things... there are both commercial and OSS offerings, as well as rolling your own. As always, I think the trade-offs are in your time.
seph
06/17/2020, 1:00 PM
Glad it worked well!
niels
06/17/2020, 1:01 PM
Yeah, I proposed osquery/fleet/wazuh, but they don’t have that time to invest in it, so looking at commercial offerings now. Not having an MDM also makes it harder.
seph
06/17/2020, 1:04 PM
I think we have some blog posts somewhere, but I think there's bang per buck in fixing basic security issues, than tracking NVD. But it's obviously a lot of belt and suspenders.
Jason W
06/17/2020, 3:26 PM
FYI, Uptycs is a commercial osquery fleet manager that does vulnerability scanning with osquery.
Jason W
06/17/2020, 3:26 PM
Not cheap, but appears to be very good (I have not used it personally).