Title
#general
j

Jean Jordaan

11/21/2022, 3:29 PM
hi all .. embarrassed to start with maybe the most noob question ever, but how do you trust that the osquery instance running on some machine is the real thing, and not an impostor sending back bogus or tampered telemetry?
s

seph

11/22/2022, 4:38 PM
I’m not sure there’s a simple answer. Generally speaking, this is a hard problem for all EDR software.
4:38 PM
How do you trust the thing on the other end is what you think.
4:38 PM
I don’t know a simple answer for osquery
Mike Myers

Mike Myers

11/22/2022, 5:38 PM
We do have a Security Model and extended discussion in here if it is of interest https://github.com/osquery/osquery/blob/master/ASSURANCE.md
j

Jean Jordaan

11/28/2022, 3:07 AM
@Mike Myers thanks a lot, that's excellent 🙏