02/04/2023, 3:30 AM
Can I use osquery for malware detection?

Gilad Reich

02/04/2023, 12:37 PM
Yes, there are pre-existing packs that come with the default installation, and you can look at how they work: However, this is the OS instrumentation and monitoring aspect of osquery. There are also YARA rules, a technique AV vendors often use for scanning for common byte patterns found in popular malware: This will, however, require you to configure and set things up yourself, like ensuring your CVE and YARA rule databases are automatically updated. I would say that if you're looking for an existing system that does this for you, you'll most likely end up using osquery as an additional component that integrates into an existing XDR and SIEM platform.