Can someone explain me how osquery detects if software is vulnerable or not?
like are you checking with some open source database or something else?
04/27/2022, 8:17 AM
Osquery itself is a tool to gather device information.
Osquery can for example pull a list of software and it’s version then tools such as #fleet can cross reference this against the https://nvd.nist.gov/ for known CVE’s