OS Analysis with osquery
osquery is an operating system instrumentation framework for monitoring systems using a relational database. In this course, you will learn OS Analysis using osquery.
What you'll learn
To detect cyber attacks on our endpoints, monitoring solutions must be established. With all of the data that you can collect, how do you know what’s necessary and what’s not? In this course, OS Analysis with osquery, you’ll cover how to utilize osquery to detect common persistence and collection attack techniques in an enterprise environment. First, you’ll demonstrate how to detect user accounts being creating outside of the acceptable processes.. Next, you’ll use osquery to detect staged files being moved in the network.. Finally, you’ll analyze the data and create alerts based upon the techniques. When you’re finished with this course, you’ll have the skills and knowledge to mitigate and detect these techniques T1136 Create Account: Local Account and T1074 Data Staged using osquery.