Getting Started with osquery

Learn how to deploy, configure, and use osquery to improve security by increasing visibility, detecting suspicious activity, and implementing features like File Integrity Monitoring, using this great cross-platform tool.
Course info
Level: Beginner
Updated: Feb 28, 2020
Duration: 1h 54m
Description

Understanding how to leverage the power of osquery to solve security problems can seem complicated.

In this course, Getting Started with osquery, you will gain the ability to not only install and configure osquery, but also to understand different aspects of using it in a real environment.

First, you'll learn how to install it on Linux and Windows.

Next, you'll discover how the power of SQL can be used with it to solve security problems, like identifying which processes are being executed where. You'll also use real-time events to monitor activity between scheduled query intervals and to implement File Integrity Monitoring.

Finally, you'll explore how to plan for a real deployment of osquery, including the use of advanced options like TLS logging and extensions.

When you're finished with this course, you'll have the skills and knowledge of osquery needed to plan a deployment and start writing queries that will help you get answers to your most important endpoint security questions.

Software required: a Linux (Ubuntu, Debian, Red Hat or CentOS) system with the latest stable version of osquery.

About the author

Guillaume Ross is an experienced information security professional, providing services to many organizations as the lead consultant and founder of Caffeine Security Inc.

Section Introduction Transcripts

Course Overview
[Autogenerated] Hi, everyone. My name is Guillaume Ross. Welcome to my course, Getting Started with osquery. I'm a principal security consultant at Caffeine Security and a principal product manager at Optics, a company that leverages the power of osquery for security analytics. osquery is a very powerful open source agent that can let you ask questions to your operating systems as if it were a virtual database. Thanks to this, you can ask your systems things like what processes are listening to network connections right now or what user account executed the process netcat. In this course, we're going to install osquery on Linux and Windows, write simple queries and understand the osquery schema, join tables together to get more value out of the data and answer security concerns, and we'll review the advantages of different deployment models for osquery. By the end of this course, you'll know how to deploy osquery, write queries and query packs for it, and how to use it to solve security challenges like improving endpoint visibility, performing targeted threat hunting and implementing file integrity monitoring. Before beginning the course, you should be familiar with Linux and SSH. I hope you'll join me on this journey to learn osquery with the Getting Started with osquery course at Thorough site.