
Jay

02/04/2023, 3:30 AM
Can I use osquery for malware detection?

Gilad Reich

02/04/2023, 12:37 PM
Yes, there are pre-existing packs that come with the default installation; you can look at how they work: https://github.com/osquery/osquery/tree/master/packs However, this is the OS instrumentation and monitoring aspect of osquery.

There are also YARA rules, a technique AV vendors often use to scan for common patterns of bytes found in popular malware: https://osquery.readthedocs.io/en/stable/deployment/yara/ This will, however, require you to configure and set up things yourself, like ensuring your CVE and YARA rule databases are automatically updated.

I would say that if you're looking for an existing system that does this for you, you'll most likely end up using osquery as an additional component that integrates into an existing XDR and SIEM platform.
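The two pieces the reply points at (a shipped query pack and the YARA integration) are both wired up through the osquery configuration file. The config below is an added example, not part of the thread and not an official osquery config; it uses the real `packs`, `schedule`, `yara`, `file_paths` and `options` keys and the `yara` / `yara_events` tables documented at the linked page. The pack path, the rule file paths under `/etc/osquery/yara/`, the directories scanned and the query names are assumptions for illustration.

```json
{
  "options": {
    "enable_file_events": "true",
    "schedule_splay_percent": "10"
  },

  "packs": {
    "incident-response": "/usr/share/osquery/packs/incident-response.conf"
  },

  "file_paths": {
    "binaries": ["/usr/local/bin/%", "/opt/%%"],
    "tmp": ["/tmp/%%", "/var/tmp/%%"]
  },

  "yara": {
    "signatures": {
      "known_malware": [
        "/etc/osquery/yara/webshells.yar",
        "/etc/osquery/yara/miners.yar"
      ]
    },
    "file_paths": {
      "binaries": ["known_malware"],
      "tmp": ["known_malware"]
    }
  },

  "schedule": {
    "yara_sweep_binaries": {
      "query": "SELECT path, matches, count, sig_group FROM yara WHERE path LIKE '/usr/local/bin/%' AND sig_group = 'known_malware' AND count > 0;",
      "interval": 3600,
      "description": "Added example, not from the thread: hourly on-demand scan; paths and rule set are assumed."
    },
    "yara_on_write": {
      "query": "SELECT target_path, action, matches, count FROM yara_events WHERE count > 0;",
      "interval": 60,
      "description": "Added example: matches produced when a watched file in file_paths is created or modified (needs enable_file_events)."
    }
  }
}
```

The `packs` entry loads one of the packs shipped in the repository linked above; the scheduled `yara` query is the pull model (scan a path set against a rule group on a timer), while `yara_events` is the push model that scans a file when the file-events watcher sees it change. As the reply notes, nothing in this file keeps `webshells.yar` or `miners.yar` current; refreshing the rule files (and reloading osqueryd so it picks them up) is left to whatever distributes the config.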