- Course
OS Analysis with osquery
osquery is an operating system instrumentation framework for monitoring systems using a relational database. In this course, you will learn OS Analysis using osquery.
Intermediate
- Course
OS Analysis with osquery
osquery is an operating system instrumentation framework for monitoring systems using a relational database. In this course, you will learn OS Analysis using osquery.
Intermediate
Get started today
Access this course and other top-rated tech content with one of our business plans.
Try this course for free
Access this course and other top-rated tech content with one of our individual plans.
This course is included in the libraries shown below:
- Security
What you'll learn
To detect cyber attacks on our endpoints, monitoring solutions must be established. With all of the data that you can collect, how do you know what’s necessary and what’s not? In this course, OS Analysis with osquery, you’ll cover how to utilize osquery to detect common persistence and collection attack techniques in an enterprise environment. First, you’ll demonstrate how to detect user accounts being creating outside of the acceptable processes.. Next, you’ll use osquery to detect staged files being moved in the network.. Finally, you’ll analyze the data and create alerts based upon the techniques. When you’re finished with this course, you’ll have the skills and knowledge to mitigate and detect these techniques T1136 Create Account: Local Account and T1074 Data Staged using osquery.
OS Analysis with osquery
Intermediate
Table of contents
Joe is a Network Consulting Engineer and has worked in the IT industry since 2010. He has experience in teaching and mentoring IT professionals in both DoD environments and in the civilian sector, in both the networking and IT security fields.