Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/sttor/awesome-osquery
Osquery Resources
https://github.com/sttor/awesome-osquery
List: awesome-osquery
Last synced: 16 days ago
JSON representation
Osquery Resources
- Host: GitHub
- URL: https://github.com/sttor/awesome-osquery
- Owner: sttor
- Created: 2019-08-23T11:17:43.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2019-08-23T13:27:45.000Z (over 5 years ago)
- Last Synced: 2024-12-01T17:02:25.358Z (20 days ago)
- Size: 10.7 KB
- Stars: 60
- Watchers: 5
- Forks: 15
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- ultimate-awesome - awesome-osquery - Osquery Resources. (Other Lists / Monkey C Lists)
README
# Awesome Osquery
Curated List of osquery resources.## Downloads
* [Official Osquery Repository](https://osquery.io/downloads/official/3.3.2)## Blogs and Articles
#### Official Documentation
* [Documentation](https://osquery.readthedocs.io/en/latest/)#### Starter Guide
* How to monitor your System Security with osquery - Digitalocean - [link](https://www.digitalocean.com/community/tutorials/how-to-monitor-your-system-security-with-osquery-on-ubuntu-16-04)
* Server Endpoint Security with osquery - Alibaba Cloud - [link](https://www.alibabacloud.com/blog/server-endpoint-security-with-osquery_594950)
* Osquery For Security Part 1 - [link](https://medium.com/@clong/osquery-for-security-b66fffdf2daf)
* Osquery For Security Part 2 - [link](https://medium.com/@clong/osquery-for-security-part-2-2e03de4d3721)
* Osquery across the enterprise - [link](https://medium.com/palantir/osquery-across-the-enterprise-3c3c9d13ec55)
* Install/Setup Doorman + Osquery on Windows, MAC OSX and Linux Deployment. - [link](https://holdmybeersecurity.com/2017/08/17/installsetup-doorman-osquery-on-windows-mac-osx-and-linux-deployment/#comment-10468)#### ELK
* Attack Monitoring Using ELK and osquery - [link](http://www.prajalkulkarni.com/2016/05/attack-monitoring-using-elk-outofband.html)
* Elk + Osquery + Kolide Fleet = Love - [link](https://jordanpotti.com/2018/02/16/elk-osquery-kolide-fleet-love/)#### Remote Forensics & Threat Hunting
* Using osquery for remote forensics - TrailofBits- [link](https://blog.trailofbits.com/2019/05/31/using-osquery-for-remote-forensics/)
* Introduction to osquery for Threat Detection and DFIR - Rapid7 - [link](https://blog.rapid7.com/2016/05/09/introduction-to-osquery-for-threat-detection-dfir/)
* Threat Hunting with Kolide and osquery - [link](https://resources.infosecinstitute.com/category/enterprise/threat-hunting/threat-hunting-solutions/how-to-build-a-threat-hunting-tool-in-10-steps/threat-hunting-with-kolide-and-osquery/#gref)#### Malware Analysis
* Malware Analysis using Osquery | Part 1 - [link](https://hackernoon.com/malware-analysis-using-osquery-part-1-78f5f617cc19)
* Malware Analysis using Osquery | Part 2 - [link](https://hackernoon.com/malware-analysis-using-osquery-part-2-69f08ec2ecec)
* Malware Analysis using Osquery | Part 2 - [link](https://hackernoon.com/malware-analysis-using-osquery-part-3-9dc805b67d16)
* MAC Malware Analysis using Osquery - Uptycs - [link](https://www.uptycs.com/blog/malware-analysis-using-osquery)
* Malware Hunting made easy with osquery and extensions [link](https://medium.com/@atul_15222/malware-hunting-made-easy-with-osquery-and-extensions-64361abac667)
* Detecting Malicious downloads with osquery, rsyslog, kafka, python3 and virustotal. - [link](https://holdmybeersecurity.com/2019/04/25/detecting-malicious-downloads-with-osquery-rsyslog-kafka-python3-and-virustotal/)### MITRE ATT&CK
* [ATT&CK+osquery = love](https://www.carbonblack.com/2018/10/29/attck-osquery-love/)
* [Hardening defenses with MITRE ATT&CK and osquery: Lessons from Singapore Health Breach](https://www.uptycs.com/blog/hardening-defenses-with-mitre-attck-and-osquery-lessons-from-singapore-health-breach)#### Other
* Manage Santa within osquery - TrailofBits - [link](https://blog.trailofbits.com/2018/05/29/manage-santa-within-osquery/)
* Anomaly detection using osquery - Facebook - [link](https://es-la.facebook.com/notes/protect-the-graph/anomaly-detection-using-osquery/1532788613627951/)
* Logging Osquery with rsyslog - [link](https://holdmybeersecurity.com/2019/03/29/logging-osquery-with-rsyslog-v8-love-at-first-sight/)
* Deploying osquery at scale - Uptycs - [link](https://www.uptycs.com/blog/deploying-osquery-at-scale-a-comprehensive-list-of-open-source-tools)
* Building and effective EDR with osquery [link](https://medium.com/@atul_15222/building-an-effective-edr-f8b1b037d6da)
* Adobe's Hubble and Osquery - [link](https://blogs.adobe.com/security/2017/12/introducing-hubblestack.html)
* How are teams currently using osquery -[link](https://blog.trailofbits.com/2017/11/09/how-are-teams-currently-using-osquery/)
* Osquery Cheat Sheet – Process Interrogation & Persistence Techniques - [link](https://defensivedepth.com/2018/10/10/osquery-cheat-sheet-process-interrogation-persistence-techniques/)## Courseware
* Free - Osquery training by Uptycs - [link](https://www.uptycs.com/free-osquery-training-intro-to-osquery)
* Paid - Osquery for Security Analysis - [link](https://www.networkdefense.io/library/osquery-for-security-analysis/71832/about/)## Repository
* A repository for using osquery for incident detection and response. [osquery-configuration](https://github.com/palantir/osquery-configuration)
* Python Binding for osquery [osquery-python](https://github.com/osquery/osquery-python)
* Go Binding for osquery [osquery-go](https://github.com/kolide/osquery-go)
* Mapping the MITRE ATT&CK Matrix with Osquery [osquery-attck](https://github.com/teoseller/osquery-attck)## Opensource Fleet Manager
* [Doorman](https://github.com/mwielgoszewski/doorman)
* [Kolide Fleet](https://github.com/kolide/fleet)
* [Zentral](https://github.com/zentralopensource/zentral/wiki)
* [Okta - SGT: OSQuery Management Server Built Entirely on AWS!](https://github.com/OktaSecurityLabs/sgt)## Commercial Fleet Manager
* [Kolide](https://kolide.com/)
* [Sttor](https://sttor.com)
* [Uptycs](https://www.uptycs.com/)
* [Zercurity](https://www.zercurity.com/)