-
Course
- Security
OS Analysis with osquery
osquery is an operating system instrumentation framework for monitoring systems using a relational database. In this course, you will learn OS Analysis using osquery.
What you'll learn
To detect cyber attacks on our endpoints, monitoring solutions must be established. With all of the data that you can collect, how do you know what’s necessary and what’s not? In this course, OS Analysis with osquery, you’ll cover how to utilize osquery to detect common persistence and collection attack techniques in an enterprise environment. First, you’ll demonstrate how to detect user accounts being creating outside of the acceptable processes.. Next, you’ll use osquery to detect staged files being moved in the network.. Finally, you’ll analyze the data and create alerts based upon the techniques. When you’re finished with this course, you’ll have the skills and knowledge to mitigate and detect these techniques T1136 Create Account: Local Account and T1074 Data Staged using osquery.
Table of contents
About the author
Joe is a Network Consulting Engineer and has worked in the IT industry since 2010. He has experience in teaching and mentoring IT professionals in both DoD environments and in the civilian sector, in both the networking and IT security fields.
More Courses by Joe