One of the more prevalent endpoint data sources out there is osquery let's go deeper. (This is exactly what happened when I bought that P90x DVD last year so that I could look just like Doug Merritt.)īut I digress. The overwhelming majority of people don’t fully implement what they buy. I base this on findings from the SANS 2018 Survey on Endpoint Protection. Because guess what? It turns out you can throw all the endpoint++, machine learning, AI-based detection and prevention technology you want at your systems, but unless you’ve got 100% coverage, you still have risk. It isn’t easy-every time I open my Twitter feed, someone's going off about the latest open-source this and next-gen that. If you see him, tell him he owes me a chilled bottle of Loire Valley rosé and that I want my Smiths mixtapes back.Īs part of recent work within the Security Specialist team at Splunk, we’ve been taking a closer look at sources of endpoint data that we're seeing across our customer base. However, he asked me to come out of semi-retirement for this blog on osquery.
He doesn’t understand that my current job at Splunk is to “manage” a bunch of security people-not to actively do hands-on experimentation and write up explanations of security-useful data sources.
OSQUERY SPLUNK HOW TO
With that in mind, James goes over some interesting things he has found and how to do them! – Ryan KovarĪuthor's Note: Ryan Kovar is a taskmaster.
However, along with its ability for real-time information pulls, it's also a phenomonal tool for logging.
This series is now legally allowed to drink! (Which is relevent when dealing with James Brodsky as a contributing author.) osquery has quickly become one of the most used resources for gathering data on *nix and MacOSs. This blog post is part twenty-one of the " Hunting with Splunk: The Basics" series.
0 kommentar(er)
