What if you could use SQL to query any aspect of your infrastructure? Osquery, an open source instrumentation tool released by the Facebook security team, allows you to do just that.

For example, `SELECT network_name, last_connected, captive_portal FROM wifi_networks WHERE captive_portal=1` will show all captive portal WiFi networks that a laptop has connected to.

And `SELECT * FROM processes WHERE on_disk = 0` will show any process that is running where the binary has been deleted from disk.

With almost 200 tables available by default and support for macOS, Linux and Windows hosts, osquery is the tool of choice for many security and system administration teams. When the root password vulnerability became known a few weeks ago, the osquery community quickly crafted a query which would identify vulnerable Macs in a fleet of devices.

Osquery is a powerful tool, but it’s written in C++, so why are we talking about it in a GopherAcademy post? Osquery uses Thrift (a project similar to gRPC) to allow developers to extend osquery through a series of plugin types.

Earlier this year our team at Kolide released a set of Go packages with idiomatic interfaces that allow anyone to use the full power of Go to extend osquery. In this blog post, it’s my goal to show you how you can get started with osquery development using the osquery-go SDK.

By default, a filesystem plugin is used, which logs the results to a local file. When a scheduled query like `SELECT name, version from deb_packages` is executed, the osqueryd daemon will create a JSON log event with the results of the query.
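The JSON result events that osqueryd writes for a scheduled query, as an added example that is not code from this post or from the osquery-go SDK: a small Go program that replays the differential rows of the `deb_packages` schedule into a current package inventory. The log lines are constructed for the example; the field names (`name`, `columns`, `action`) follow osquery's results-log format, and the package versions are invented.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// ResultEvent is one differential result line of osquery's results log (other fields ignored).
type ResultEvent struct {
	Name    string            `json:"name"`
	Columns map[string]string `json:"columns"`
	Action  string            `json:"action"`
}

// SampleLog is constructed for this example: an initial row, an openssl
// upgrade (added + removed rows), and a row from an unrelated query.
const SampleLog = `{"name":"deb_packages","hostIdentifier":"web-01","columns":{"name":"openssl","version":"1.1.0f-3"},"action":"added"}
{"name":"deb_packages","hostIdentifier":"web-01","columns":{"name":"openssl","version":"1.1.0f-5"},"action":"added"}
{"name":"deb_packages","hostIdentifier":"web-01","columns":{"name":"openssl","version":"1.1.0f-3"},"action":"removed"}
{"name":"processes","hostIdentifier":"web-01","columns":{"pid":"4242","name":"bash"},"action":"added"}`

// ApplyDifferential replays one scheduled query's rows and returns the inventory
// (package -> version) plus the rows applied; other queries and snapshots skip.
func ApplyDifferential(log, queryName string) (map[string]string, int, error) {
	inventory, applied := map[string]string{}, 0
	for n, line := range strings.Split(strings.TrimSpace(log), "\n") {
		var ev ResultEvent
		if err := json.Unmarshal([]byte(line), &ev); err != nil {
			return nil, 0, fmt.Errorf("line %d: %w", n+1, err)
		}
		if ev.Name != queryName || ev.Columns == nil {
			continue // snapshot line or a different scheduled query
		}
		pkg, ver := ev.Columns["name"], ev.Columns["version"]
		switch ev.Action {
		case "added":
			inventory[pkg], applied = ver, applied+1
		case "removed":
			// An upgrade logs a removed row for the old version beside an added
			// row for the new one, so only drop the package if no newer row won.
			if inventory[pkg] == ver {
				delete(inventory, pkg)
			}
			applied++
		}
	}
	return inventory, applied, nil
}
func main() { fmt.Println(ApplyDifferential(SampleLog, "deb_packages")) }
```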