hi all .. embarrassed to start with maybe the most...
# generalj
Jean Jordaan
11/21/2022, 3:29 PMhi all .. embarrassed to start with maybe the most noob question ever, but how do you trust that the osquery instance running on some machine is the real thing, and not an impostor sending back bogus or tampered telemetry?
s
seph
11/22/2022, 4:38 PM
I’m not sure there’s a simple answer. Generally speaking, this is a hard problem for all EDR software.
seph
11/22/2022, 4:38 PM
How do you trust the thing on the other end is what you think.
seph
11/22/2022, 4:38 PM
I don’t know a simple answer for osquery
m
Mike Myers
11/22/2022, 5:38 PMWe do have a Security Model and extended discussion in here if it is of interest https://github.com/osquery/osquery/blob/master/ASSURANCE.md
j
Jean Jordaan
11/28/2022, 3:07 AM@Mike Myers thanks a lot, that's excellent 🙏