This blog is the 2nd of a 3-part series on why automation is necessary for cybersecurity compliance in modern cloud environments. Posts supplement the material presented in #2 of the free webcast series:

- Why You Need Automation to Achieve Compliance in the Cloud
- Leveraging OSQuery for Compliance - A Recovering Auditor's Perspective
- An Easier Way to Multi-cloud, Multi-account Cloud Compliance

A fundamental tenet we discussed in part 1 of this series was that compliance professionals should live off the land and use ubiquitous tools to facilitate compliance checks. By using tools that your administrators are using, compliance checks will be completed by those same administrators. This makes compliance professionals more efficient - and probably more liked by their co-workers in the operations and engineering departments.

In part 2 of this series, we are diving into osQuery from a compliance perspective.

"osquery is an operating system instrumentation framework for Windows, OS X (macOS), Linux, and FreeBSD. The tools make low-level operating system analytics and monitoring both performant and intuitive. Osquery exposes an operating system as a high-performance relational database. This allows you to write SQL queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes."

There are some critical aspects of the definition above that are essential to understand and dive into. The first aspect of osquery that makes this a robust security and compliance tool is that it works on Windows, OS X, Linux, and FreeBSD. The cross-platform capabilities of osquery make the tool valuable in modern environments. In my career, I have performed hundreds (maybe thousands?) of cybersecurity audits and assessments. I can confidently say that I have never seen an organization that exclusively uses one type of operating system. Generally, you come across a mix of Linux, Windows, or macOS, making compliance activities difficult. osquery takes that complexity away by allowing you to write queries across different operating systems to obtain relevant security and compliance data. Modern organizations require solutions that are operating system agnostic, and osquery accomplishes this.

Secondly, osquery exposes the operating system as a high-performance relational database that allows administrators to write SQL queries to obtain valuable data. Even if you're not a SQL expert, it is easy to start and begin writing queries quickly. Everything you do with osquery is centered around SQL and its expressive nature to gather endpoint data rapidly and efficiently. In the webinar linked above, I review and demo some of the basics of osquery that can help you get started. There are two ways to run osquery once you have it installed on your system.
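As an added illustration of the two points above (one query language across platforms, and OS state exposed as tables), here are three compliance-style queries written against standard osquery tables. This is example code, not from the original post or the osquery project; it assumes the queries are fed to the interactive `osqueryi` shell, and the file path in the last query is a placeholder you would replace with the file under review.

```sql
-- Added example (not from the original post): osquery compliance checks that read
-- the same way on Linux, macOS and Windows. The os_version, listening_ports,
-- processes and hash tables are standard osquery tables; run the file with
-- `osqueryi < compliance_checks.sql` (assumed invocation).

-- 1. Platform inventory: the first question in any audit is which OS each
--    endpoint runs, so later checks can be scoped per platform.
SELECT name, version, platform, build
FROM os_version;

-- 2. Network exposure: every listening socket bound to a non-loopback address,
--    joined to the process that owns it, so the result can be compared against
--    the approved-services list without a per-OS tool (ss/netstat/Get-NetTCPConnection).
--    protocol is the IP protocol number (6 = TCP, 17 = UDP).
SELECT lp.port,
       lp.protocol,
       lp.address,
       p.pid,
       p.name    AS process_name,
       p.path    AS process_path,
       p.cmdline
FROM listening_ports AS lp
JOIN processes       AS p ON p.pid = lp.pid
WHERE lp.address NOT IN ('127.0.0.1', '::1')   -- loopback-only listeners are not exposed
ORDER BY lp.port;

-- 3. File integrity evidence: the hash table computes digests on demand, but only
--    for a path supplied in the WHERE clause (it is a constraint-required table).
--    '/path/to/config.file' is a placeholder, not a path from the post.
SELECT path, sha256
FROM hash
WHERE path = '/path/to/config.file';
```

The second query is the one that pays off most in a mixed fleet: the same join produces the same columns on every platform, so the evidence collected for a "only approved services are listening" control is directly comparable across Linux, macOS and Windows hosts.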