Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
u
8p8c
03/01/2018, 12:23 AM@spookerlabs cough https://github.com/hubblestack/hubble cough (cis benchmark)
s
spookerlabs
03/01/2018, 10:44 AMBut CIS check not based on osquery right ? Just took quick look and seems it uses openscap.
s
stefanmaerz
03/01/2018, 2:06 PMyeah, for me the value propisition would be that I don't have to maintain yet another tool, instead use osquery which helps us kill two birds with one stone. openSCAP has all sorts of support for compliance profiles like CIS.
u
8p8c
03/01/2018, 3:40 PMit's not based on osquery (or openscap afaik).
from my understanding of cis benchmarks checking some of the file contents wouldn't be possible with osquery
s
stefanmaerz
03/01/2018, 4:02 PMcould augeas be used to parse out the content?
u
8p8c
03/01/2018, 5:12 PMyes it can in some cases, but what if you will hit a file what you don't have a lens for?
have you tried writing an augeas lens?
in some cases it's better to check if a configuration is active, rather than what's written in a file.
x
xstevens
03/03/2018, 9:36 PMthis is a topic I'm interested in as well