osquery

Instrumenting Dynamic Environments with Source Control, Peer Review, and Decentralized Intelligence Distribution

Osquery configurations often start simple and static, but as the complexity of an osquery deployment grows, the level of dynamism grows to where a complex server installation is required to group sets of hosts together and target them for …

Starting, Growing, and Scaling Your Host Intrusion Detection Efforts

Osquery is a lightweight host intrusion detection tool that organizations can use to monitor extremely large production environments as well as smaller corporate environments. In this talk, we will discuss how to get started with osquery and how the …

Building Successful Open Source Security Software

Released in 2014 by Facebook, osquery is an open source operating system instrumentation framework and toolset. In this talk, I will reflect on some of the original motivations for creating osquery and discuss the concepts of openness in the …

OS X Operating System Security at Scale

A critical aspect of maintaining a robust infrastructure security posture is being able to ask low-level questions of hosts in your environment. Even on a single host, performing operating system analytics can often be complex, error-prone and …