I'm currently a master's student looking for an interesting thesis topic to write about. My initial approach was to write about endpoint visibility, because in times of DoH and DoT, solutions that honor the end user's privacy, it becomes a lot more difficult for blue teams to detect suspicious behaviour over the wire. Therefore I would like to focus on the endpoint and what is possible to detect there. I have heard a lot of good things about osquery; it helps a lot in regards to IT operations. But what would be the main security use cases for osquery to help blue teams detect threats in their environment/network? Can you maybe point me in the right direction, other than https://osquery.io/schema, to help me get an idea of what is possible? Many thanks in advance, cheers, Theresa
I was just about to link to the Palantir GitHub page 😄
06/15/2020, 5:13 PM
Great minds think alike 😛
And I mean, Palantir's stuff is just pure gold 🙂
06/15/2020, 5:15 PM
Wow, just wow! Thank you from the bottom of my heart @Haam3r. I did google before, and found a lot of stuff in regards to SysOps/IT Ops, but just not focused on security. Somehow this Palantir stuff must have slipped through.
Thanks a lot 🙂
Yeah, it's a good resource because they open-sourced a lot of the config and then wrote the articles to explain why they are collecting those things, with more practical examples of what they're looking for.
06/15/2020, 5:51 PM
Cool, thanks for the explanation, @Ryan. Any idea why most tutorials or write-ups focus heavily on threats for macOS?
A much nicer approach to making sure your employees' devices are secure without all the usual frustrating management software you tend to find at corporations.
06/15/2020, 5:57 PM
Exactly, I've even seen companies enrolling their company notebooks into MDM solutions (not just phones or tablets, but also notebooks).
Usually that's what a proper CMDB is for: to keep track of those devices and their patch levels.