Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
d
defensivedepth
08/12/2018, 11:49 PMWazuh (fork of OSSEC) has integrated osquery (https://github.com/wazuh/wazuh/releases/tag/v3.5.0 )
s
stefanmaerz
08/13/2018, 1:03 PMinteresting. I'm curious about why they selected OSSEC as their basis over osquery in the first place. I've used both and can't really think of an advantage OSSEC has.
I suppose osquery may not have existed when Wazuh started
d
defensivedepth
08/13/2018, 1:35 PMWazuh’s first release was in late 2015… Either way, for me, it was a pretty clear decision to move from OSSEC to osquery when I saw what I could do with osquery…. I still keep up with OSSEC/Wazuh, though…
👍 1
m
marpaia
08/13/2018, 4:15 PMmaybe they just really like xml 😉
😆 2
d
defensivedepth
08/13/2018, 4:28 PMSecurity Onion uses OSSEC/Wazuh. I will be presenting this fall at the SO conference on integrating osquery with SO - trying to tie network & endpoint data more closely together.
m
marpaia
08/13/2018, 5:29 PMoh cool! did you see @steffen’s talk at querycon about this?
d
defensivedepth
08/13/2018, 5:39 PMI saw the GH repo but not the recording… Not up the on the site yet?
m
marpaia
08/13/2018, 9:38 PMunfortunately steffen didn’t want the video posted.
d
defensivedepth
08/13/2018, 11:04 PMok, no worries…. Thanks!