# general
n
Hi! A startup is looking at implementing security monitoring (baseline/settings, endpoint protection) for their windows+macos machines. Is anyone doing this solely using OSS products? e.g. I see that Kolide Fleet + Wazuh is an option, but curious how others are using osquery for this purpose.
s
There are folks doing that with open source. I know a bit about the Fleet installs. I'm less familiar with other OSS products.
n
@seph I loved the Kolide approach, but I missed vulnerability scanning.
s
Thanks! Not everything is going to be right thing for everyone.
n
Well it worked very well, just so you know. 🙂 I suppose vulnerability detection can be easily implemented on your SaaS backend since you can extract any installed apps & OS, just need to import the NVD.
s
For broader ecosystem things... there are both commercial and OSS offerings, as well as rolling your own. As always, I think the trade-offs are in your time.
Glad it worked well!
n
Yeah, I proposed osquery/fleet/wazuh, but they don't have that time to invest in it, so looking at commercial offerings now. Not having an MDM also makes it harder.
s
I think we have some blog posts somewhere, but I think there's more bang per buck in fixing basic security issues than in tracking the NVD. But it's obviously a lot of belt and suspenders.
j
FYI, Uptycs is a commercial osquery fleet manager that does vulnerability scanning with osquery.
Not cheap, but it appears to be very good (I have not used it personally).
d
So the next major version of Security Onion (code-named Hybrid Hunter) includes full integration of Zeek / Suricata / Kolide Fleet + Launcher / Wazuh / Elastic Stack / TheHive / Sigma (through Playbook), 100% open source. Beta 3 dropped today: https://blog.securityonion.net/2020/06/security-onion-hybrid-hunter-140-beta-3.html